Monday, 06. April 2020
More

    GDPR – practical examples 2

    Must Read

    Should school classes start later?

    The American Academy of Pediatrics recommended in August 2014 that middle and high schools should not commence before 8:30...

    Proposal for new balanced timetable

    Maternell: Monday - Friday from 9.00 to 14.00 Primary: Monday and Wednesday from from 9.00 to 16.30, Tuesday, Thursday and Friday from 9.00 to 14.00. Secondary: Monday, Wednesday and Friday from from 9.00 to 16.30, Tuesday and Thursday from 9.00 to 14.00.

    Low registration and transferrals out of European School Mamer

    The rate of registration of new children to European school Lux II is so low that the school now wants to radically change the rules of registration, ‘forcing parents with kids in the DE, FR and EN sections to send their kids to Lux II, except in certain circumstances.’

    Can a statutory authority discharge its obligations in regard to data protection by outsourcing the collection, storage and processing of personal data to another organisation?

    No. If data handling is outsourced then the company is acting as a data controller and the company which provides outsourcing as a processor, but both have obligations under GDPR.

    An online retailer uses a payment company to process its customer transactions. Is the payment company acting as the data processor for the retailer?

    No.

    The payment company exercises the control over the type of information collected about customers from the retailer, decides how the information is processed and how long it is kept, and has its own terms and conditions that apply directly to the customers.

    Can personal data be transferred out of one of the EU country except to another member state of the EEA?

    It depends.

    Subject data may be transferred to another country outside the EEA, if that country’s data protection laws have been approved by the European Commission, or if the level of protection has been assessed as adequate. For countries where the Commission has not made a ruling that there are adequate safeguards, personal data may still be transferred to those countries under certain specific circumstances. These include where the transfer is not made by a public authority in the exercise of its powers, involves data related to only a limited number of individuals, or is necessary for compelling legitimate interests of an organisation.

    Can personal data be transferred out of the one of the EU country provided that the destination country’s data protection laws have been approved by the European Commission?

    Yes.

    The European Commission publishes a list of countries whose data protection laws and rights have been reviewed and are deemed adequate (see https://gdpr-info.eu/issues/third-countries/).

    Simply assessing the rights of data subjects in the destination country is insufficient: the level of rights must be shown to be ‘adequate’.

    The controller must ensure in another way that the personal data will be sufficiently protected by the recipient. This can be assured using standard contractual clauses, for data transfers within a group through so-called “binding corporate rules,” through the commitment to comply with codes of conduct which have been declared by the European Commission as being generally applicable, or by certification of the data processing procedure.

    This site uses Akismet to reduce spam. Learn how your comment data is processed.

    Latest News

    Communication on the impact of COVID-19 outbreak in European Schools

    On 27.03.2020 another communicatoin was sent by the Secretary General of the European Schools, Mr. Giancarlo Marcheggiano.

    Communication from the Secretary General 23.03.2020

    A communication from the Secretary General of the European Schools, Mr. Marcheggiano, with 2 accompanying documents. It is now...

    The challenges of a 21st-century education

    For several decades, the nuances of the teaching-learning process have guided the research work of social scientists. The different pedagogical approaches have...

    GDPR – practical examples 2

    Can a statutory authority discharge its obligations in regard to data protection by outsourcing the collection, storage and processing of personal...

    Major challenges schools are currently facing

    Elementary school is an integral part of children's lives. Primary education prepares and introduces children to a new part of their lives....