infringements adequate

GDPR allows the supervisory authorities to impose fines of up to four percent of annual worldwide turnover and €20m for serious infringements (eg breach of basic principles for processing, such as consent, safeguards and transfers).

infringements 侵犯 违反

                                                                   *copyright infringements 侵犯版权 ; 侵权*

turnover [贸易] 营业额；流通量

The financial services regulator has fined Zurich UK £2,275,000 for failing to prevent the loss of personal data by its affiliate in South Africa. Due to the lack of proper reporting lines, Zurich UK did not learn of the incident until a year later. Although customer accounts were not compromised or misused, Zurich UK was fined for the lack of adequate systems and controls.

adequate 充足的；适当的；胜任的

affiliate 隶属的机构等 子公司
,

Personal and sensitive data must be processed fairly, lawfully and in a transparent manner

To comply with this principle, we must ensure that we have legal grounds for collecting and processing the personal data and document this. We must also ensure that we don’t do anything unlawful with personal data or use it in ways that have unjustified adverse effects on the data subjects. Furthermore, we must be transparent about how we’ll use data, as well as inform individuals via privacy notices about how their data will be used at the point of collection and handle it in ways they would reasonably expect. Where we rely on consent to process personal data, individuals generally have more rights (including the right to remove consent or have data deleted).

Sensitive personal data requires even more care. We must obtain explicit consent from people before collecting or processing it - ie we need to tell them why we’re collecting the data and get their permission to use it.

Some examples of the ‘legal grounds’ for processing personal data are: •Consent of the data subject
•Performance of a contract •履行合同
•Exercise of our or another third party’s legitimate interests

you should be aware of the data retention requirements of any other legislation that applies, such as the Money Laundering Regulations. Data can be kept for longer if it is processed solely for archiving purposes in the public interest, or for scientific, historical or statistical research purposes. If you’re in doubt, speak to our DPO.

retention 保留
legislation 法律
solely 仅 只是，