What type of data lies beyond the scope of the General Data Protection Regulation?
What type of data lies beyond the scope of the General Data Protection Regulation?
When data is anonymized, it is processed in such a way that it can no longer be used to identify an individual, either directly or indirectly. Once anonymized, the data is no longer considered personal data and thus falls outside the scope of the General Data Protection Regulation (GDPR). The GDPR applies to personal data that can either directly or indirectly identify an individual, which includes pseudonymized, encrypted, and masked data as they can potentially be used to re-identify a person.
B is the right one. It still possible to identify a data subject if you decrypt the data.
Definitely B. Anonymized
B. Anonymized
AGREE IT SHOULD BE B
https://commission.europa.eu/law/law-topic/data-protection/reform/what-personal-data_en#:~:text=Different%20pieces%20of%20information%2C%20which,the%20scope%20of%20the%20GDPR. B. ANONYMIZED Personal data is any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data. Personal data that has been de-identified, encrypted or pseudonymised but can be used to re-identify a person remains personal data and falls within the scope of the GDPR. Personal data that has been rendered anonymous in such a way that the individual is not or no longer identifiable is no longer considered personal data. For data to be truly anonymised, the anonymisation must be irreversible.
To all saying B: anonymized data have been specified as a form of data within the GDPR. Encryption has been discussed in te GDPR only as a form of additional security, not as a type of data. Thus when the question is "what type of data lies beyond the scope" it's encrypted data. Hence answer C.
Scope here should refer to what type of data falls under GDPR, not whether it is discussed or not. The GDPR specifically does not apply to data that is not considered personal data, ie.: anonymized data. Encrypted data may still be considered personal data, and as such it should be B.
B is the right one. It still possible to identify a data subject if you decrypt the data
this is 100% B. Not C
https://commission.europa.eu/law/law-topic/data-protection/reform/what-personal-data_en#:~:text=Different%20pieces%20of%20information%2C%20which,the%20scope%20of%20the%20GDPR. B. ANONYMIZED Personal data is any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data. Personal data that has been de-identified, encrypted or pseudonymised but can be used to re-identify a person remains personal data and falls within the scope of the GDPR. Personal data that has been rendered anonymous in such a way that the individual is not or no longer identifiable is no longer considered personal data. For data to be truly anonymised, the anonymisation must be irreversible.
B. Anonymized Anonymized data is data that has been processed in such a way that it can no longer be used to identify an individual, either directly or indirectly. Once data is truly anonymized, it is no longer considered personal data and falls outside the scope of the GDPR. This is because anonymized data does not pose the same privacy risks as data that can be linked to an individual. Pseudonymized, encrypted, and masked data still fall within the scope of the GDPR because they can potentially be re-identified or decrypted to reveal personal information.
It is B, not C
B is the right answer.