GDPR 面试题与答案
问题 21. What is the role of a Data Protection Impact Assessment (DPIA) and when is it required?
A DPIA is a process to identify and minimize the data protection risks of a project. It is required when processing is likely to result in a high risk to individuals' rights and freedoms.
问题 22. How can organizations demonstrate compliance with the principles of GDPR?
Organizations can demonstrate compliance through policies, documentation, privacy impact assessments, and by implementing technical and organizational measures to ensure data protection.
问题 23. What is 'legitimate interest' as a lawful basis for processing personal data under GDPR?
Legitimate interest allows the processing of personal data if it is necessary for legitimate interests pursued by the data controller, except where overridden by the interests or rights and freedoms of the data subject.
问题 24. Explain the concept of 'Data Minimization' under GDPR.
Data minimization requires organizations to process only the personal data necessary for the specific purpose for which it is processed.
问题 25. What are the key differences between GDPR and previous data protection laws?
GDPR introduces stronger data protection principles, increased individual rights, higher fines for non-compliance, and a more consistent approach to data protection across the EU.
用户评价最有帮助的内容:
- What is GDPR?
- What is the 'Right to be Forgotten' under GDPR?
- Who does GDPR apply to?
- How does GDPR define a 'personal data breach'?
- Explain the concept of 'Data Minimization' under GDPR.