When personal data are processed, who is ultimately responsible for demonstrating compliance with the GDPR?
Personal data as defined in the GDPR can be divided into several types. One of these types is described: Data that directly or indirectly reveal someone’s racial or ethnic background, political, philosophical, religious views, union affiliation and data related to health or sex life and sexual orientation. What type of personal data is this?
To plan the amount of parking space needed, a local government monitors and saves the license plate number of every car that enters and leaves the city center. They have obtained permission to collect data on the number of cars present in the city center. By comparing the license plate time of entry and exit the number of cars present every moment of each day is calculated. Each month a report is created detailing the average number of cars in the city center at specific moments for every day of the week. At every entrance to the city center, a billboard clearly states what data is collected by whom, the purpose of the processing and the fact that the license plate numbers are saved securely for up to two years, because the measurements will be repeated next year. Which of the basic principles for legitimate processing of personal data is violated in this scenario?
According to Article.33 of the GDPR the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority. What is the maximum penalty for non-compliance with this notification obligation?
TESTED 19 Apr 2024
