面试题与答案

The key principles include lawfulness, fairness, and transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity and confidentiality (security); and accountability.

A DSAR is a request made by an individual to access their personal data held by an organization. Organizations must respond to DSARs without undue delay and provide the requested information.

GDPR allows the transfer of personal data to countries outside the EU under certain conditions, such as the existence of adequacy decisions or the implementation of appropriate safeguards.

Fines for non-compliance with GDPR can be significant, with the maximum penalty being up to 4% of a company's global annual revenue or 20 million euros, whichever is higher.

A data controller determines the purposes and means of processing personal data, while a data processor processes data on behalf of the controller.

GDPR requires special protection for the processing of personal data of children, with specific rules regarding consent and parental authorization.

Privacy by Design requires organizations to consider data protection at the initial design stages of systems, products, or processes, rather than as an addition.

GDPR provides individuals with the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significant effects.

GDPR requires organizations to report certain types of data breaches to the relevant supervisory authority within 72 hours and, in some cases, to data subjects as well.

GDPR imposes stricter conditions on the processing of sensitive personal data, such as health, racial or ethnic origin, religious beliefs, etc.

Organizations can demonstrate compliance through policies, documentation, privacy impact assessments, and by implementing technical and organizational measures to ensure data protection.

Data minimization requires organizations to process only the personal data necessary for the specific purpose for which it is processed.

A personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data.

GDPR allows the transfer of personal data to countries outside the EU under certain conditions, such as the existence of adequacy decisions or the implementation of appropriate safeguards.

Organizations should conduct due diligence on third-party data processors, include GDPR-compliant clauses in contracts, and monitor compliance throughout the relationship.