34. Data Management Flashcards
What is the Data Protection Act 2018?
- The act replaces previous 1998 legislation and manages how personal data is processed by organisations and the government.
- It is the UK legislation for the implementation of the EU General Data Protection Regulation (GDPR).
What are the key Principles of the Data Protection Act 2018?
- The act ensures that data is:
o Used fairly, lawfully and transparently.
o Used in a way that is adequate, relevant and limited to only the purpose for which it is intended.
o Retained for no longer than is necessary.
o Processed securely, including protection against unlawful use, loss or destruction.
What are a person’s rights under the Data Protection Act?
- People have the right:
o To be informed about how their data is being used.
o To access their data.
o To have incorrect information updated.
o To have their data erased.
o To stop or restrict the processing of their data.
o To data portability.
o To object to the use of their data.
What is the meaning of a non-disclosure agreement?
- Non-disclosure agreements are used to protect against the disclosure or sharing of any confidential data.
- Before confidential data is shared with a recipient, clients will typically request that the recipient signs an NDA.
- They are often used when confidential, sensitive, innovative or intellectual property information is being shared, to prevent this information being used by competitors.
If two separate departments within your firm were working for two rival companies, how would you ensure client sensitive data was managed?
- I would make the client aware of the risks involved and check their understanding of the conflict of interest.
- I would ensure a letter of instruction to continue was obtained from the client.
- Exclusivity of staff would be arranged.
- The use of non-disclosure agreements would be considered.
- Separate working locations for each of the teams would need to be put in place.
- Secure document and data storage would be arranged to be used exclusively for the separate teams.
What are the 8 individual rights under GDPR?
* The right to be informed.
* The right of access.
* The right of rectification.
* The right to erasure.
* The right to restrict processing.
* The right to data portability.
* The right to object.
* Rights in relation to automated decision making and profiling.
ROADIER
What is the consequence of breaking the Data Protection Act?
The UK GDPR and DPA 2018 set a maximum fine of £17.5 million or 4% of annual global turnover.
Given your training in GDPR, describe how you handle personal and sensitive project data to ensure compliance with the Data Protection Act 2018.
What are the principles of GDPR?
* Lawfulness, fairness and transparency
* Purpose limitation
* Data minimisation
* Accuracy
* Storage limitation
* Integrity and confidentiality
* Accountability