GDPR and US States General Privacy Laws Deskbook

Page 13 - GDPR and US States General Privacy Laws Deskbook

P. 13

13 | General Privacy Laws Deskbook: US State Laws and GDPR
Part 3. Requirements for Controllers and Processors. ......................................................................................................................................... 380
13-61-301. Responsibility according to role.. ............................................................................................................................................................ 380
13-61-302. Responsibilities of controllers -- Transparency -- Purpose specification and data minimization -- Consent for secondary use
-- Security -- Nondiscrimination --Nonretaliation -- Nonwaiver of consumer rights....................................................................................... 381
13-61-303. Processing deidentified data or pseudonymous data.. ...................................................................................................................... 382
13-61-304. Limitations................................................................................................................................................................................................... 383
13-61-305. No private cause of action.. ..................................................................................................................................................................... 384
Part 4. Enforcement. ..................................................................................................................................................................................................... 385
13-61-401. Investigative powers of division............................................................................................................................................................. 385
13-61-402. Enforcement powers of the attorney general.. .................................................................................................................................... 385
13-61-403. Consumer Privacy Restricted Account.. ................................................................................................................................................ 386
13-61-404. Attorney general report............................................................................................................................................................................ 386
Effective date.................................................................................................................................................................................................................... 386
Virginia Consumer Data Protection Act ................................................................................................................................................ 387
Chapter 53. Consumer Data Protection Act.. ......................................................................................................................................................... 388
§ 59.1-575. Definitions.. ................................................................................................................................................................................................. 388
§ 59.1-576. Scope; exemptions.................................................................................................................................................................................... 390
§ 59.1-577. Personal data rights; consumers.. ........................................................................................................................................................... 391
§ 59.1-578. Data controller responsibilities; transparency.. ................................................................................................................................... 392
§ 59.1-579. Responsibility according to role; controller and processor.. ............................................................................................................. 394
§ 59.1-580. Data protection assessments.. ................................................................................................................................................................ 394
§ 59.1-581. Processing de-identified data; exemptions.. ........................................................................................................................................ 395
§ 59.1-582. Limitations.. ................................................................................................................................................................................................. 396
§ 59.1-583. Investigative authority.. ............................................................................................................................................................................ 397
§ 59.1-584. Enforcement; civil penalty; expenses.. .................................................................................................................................................. 398
§ 59.1-585. Repealed...................................................................................................................................................................................................... 398
EU General Data Protection Regulation. ................................................................................................................................................ 399
Article 1 Subject-matter and objectives. ..................................................................................................................................................................... 400
Article 2 Material scope. ................................................................................................................................................................................................. 400
Article 3 Territorial scope............................................................................................................................................................................................... 400
Article 4 Definitions. ........................................................................................................................................................................................................ 401
Article 5 Principles relating to processing of personal data................................................................................................................................... 403
Article 6 Lawfulness of processing. .............................................................................................................................................................................. 404
Article 7 Conditions for consent. .................................................................................................................................................................................. 405
Article 8 Conditions applicable to child’s consent in relation to information society services...................................................................... 405
Article 9 Processing of special categories of personal data. ................................................................................................................................... 406
Article 10 Processing of personal data relating to criminal convictions and offences..................................................................................... 407
Article 11 Processing which does not require identification. ................................................................................................................................. 407
Article 12 Transparent information, communication and modalities for the exercise of the rights of the data subject. .......................... 407
Article 13 Information to be provided where personal data are collected from the data subject. ................................................................ 408
Article 14 Information to be provided where personal data have not been obtained from the data subject............................................ 409
Article 15 Right of access by the data subject. .......................................................................................................................................................... 411
CONTENTS

11 12 13 14 15