11 - Data Law Flashcards
What’s an example of data?
- Customer data
- Employee data
- Supplier data
- Production data
- Intellectual property
What does the Data Protection Act 2018 govern?
The use of personal information; it shapes how businesses may use their information systems to collect, store and process that information.
How many principles of GDPR are there?
7
What’s the 1st principle of GDPR?
Lawfulness, fairness and transparency:
You must have a lawful basis for processing personal data, must not use it in ways that are unfair to the individual, and must be open about how you use it.
What’s the 2nd principle of GDPR?
Purpose limitation:
Be clear from the start about why you are collecting the data; record and specify those purposes; only use the data for a new purpose if it is compatible with the original one, you get consent, or the law requires it, and tell the individuals affected.
What’s the 3rd principle?
Data minimisation:
Hold only data that is adequate, relevant and limited to what you need; periodically review what you hold and delete anything unnecessary.
What’s the 4th principle?
Accuracy:
Data must be accurate and, where necessary, kept up to date; take reasonable steps to correct or erase inaccurate data without delay.
What’s the 5th principle?
Storage limitation:
Justify how long you keep personal data, set a retention period for it, and periodically review and delete what has expired.
What’s the 6th principle?
Security (integrity and confidentiality):
Appropriate technical and organisational measures, both physical and online, must protect data against unauthorised or unlawful processing and against accidental loss, destruction or damage.
What’s the 7th principle?
Accountability:
You must keep records and have processes in place that demonstrate compliance with the other principles.
How many individual rights are there?
8
What are the 8 individual rights?
- Be informed
- Of access
- To rectification
- To erasure
- Restrict processing
- Data portability
- To object
- Rights in relation to automated decision-making and profiling
Who is the data protection regulator for the UK?
The Information Commissioner's Office (ICO).
What must a company report to the ICO?
A personal data breach that is likely to result in a risk to people's rights and freedoms.
What is the time limit to report a breach?
72 hours from becoming aware of the breach.
What are the sanctions for a data breach?
- Monetary penalties
- Enforcement notices
- Prosecutions
- Undertakings
What is the maximum fine for a data breach?
£17.5M
Or
4% of total annual worldwide turnover in the preceding financial year, whichever is higher.
Name an example of enforcement
Marriott Hotels
- Fined £18.4M by the ICO for a major data breach in which guest names, contact information and passport details were compromised.