Data Management

  1. What is the Data Protection Act 2018?
    The UK’s implementation of the GDPR
  2. When did GDPR / Data Protection Act come into force?
    25 May 2018
  3. What does this Act cover?
    A complete data protection system, so as well as governing personal data covered by the GDPR, it covers all general data as previously covered by the 1998 Act
  4. What data does it relate to?
    It relates to personal data
  5. What is its aim?
    • Aims to create a single data protection regime for anyone doing business in the EU and to empower individuals to take control of how their data is used by third parties
    • Provides a right to know how a person’s data is used
  6. What must be conducted for high risk holding of data?
    An obligation to conduct data protection impact assessments for high risk holding of data
  7. What new rights do individuals have?
    New rights for individuals to have access to info on what personal data is held and to have it erased
  8. What is data accountability?
    Data Accountability – ensuring organisations can prove to the Information Commissioner’s Office how they comply with the regulations
  9. How long after a data breach must you report it?
    Data breaches to be reported within 72 hours
  10. What are the fines for data breaches under GDPR?
    An increase in fines up to 4% of a company’s global turnover or 20m euros (whichever is greater)
  11. What does a data controller do?
    A data processor decides how and why personal data is processed and is directly responsible for GDPR
  12. What are the principles Article 5(1)?
    • Data must be:
    • Processed lawfully, fairly and collected in a transparent manner
    • Collected for legitimate purposes
    • Relevant for the reason in which it is processed
  13. What are the principles Article 5(2)?
    The controller shall be responsible for and be able to demonstrate compliance with principles
  14. What are the 8 individual rights under GDPR? ERA RADIO
    • Right to be informed
    • Right of access
    • Right to rectification
    • Right to erasure
    • Right to restrict processing
    • Right to data portability (to use for their own purposes)
    • Right to object
    • Right to automated decision making and profiling
  15. What is the Freedom of Information Act 2000?
    • Gives individuals the right of access to information held by public bodies
    • Public bodies usually required to provide info within 20 working days
    • It can charge to provide info
  16. What are the exemptions?
    • If contrary to GDPR
    • It would prejudice a criminal investigation or person/organisation’s commercial interest
  17. How can you ensure the security of electronic data?
    Using firewalls, encryption, and passwords
  18. What is an NDA?
    Non-disclosure agreement