4.1.2 The Data Protection Act 2018/General Data Protection Regulation Flashcards

1
Q

State:

What DPA and GDPR aim to do

A

Control how personal data and information is used by organisations, businesses and the UK Government as well as empower individuals to take control over their personal data

2
Q

Explain:

What DPA means in comparison to GDPR

A

DPA is the UK’s implementation of the EU’s General Data Protection Regulation after the UK left the EU

3
Q

State:

4 purposes of the DPA 2018

The principles of the act

A

4 of:
* Used fairly, lawfully and transparently
* Used for specified, explicit purposes
* Used in a way that is adequate, relevant and limited to only what is necessary
* Accurate and, where necessary, kept up to date
* Kept for no longer than necessary
* Kept appropriately secure

4
Q

State:

4 purposes of the GDPR

The principles of the act

A

4 of:
* Lawfulness, fairness, transparency
* Purpose limitation
* Data minimisation
* Accuracy
* Storage limitation
* Integrity and confidentiality

5
Q

State:

3 examples of characteristics DPA provides legal protection of

The principles of the act

A

3 of:
* Race
* Ethnic background
* Political opinions
* Religious beliefs
* Trade union membership
* Genetics
* Biometrics
* Health
* Sex life or orientation

6
Q

Fill The Blank:

Under DPA a data subject (User) has ……… such as being able to find out what ……….. is being held about them

Data subject rights

A

Rights, Data

7
Q

State:

4 rights a data subject (user) has under DPA

A

3 of:
* Be informed about how the data is being used
* Access personal data
* Have incorrect data updated
* Have data erased
* Stop or restrict the processing of the data
* Data portability
* Object to how the data is processed in certain circumstances
* Automated decision making processes
* Profiling

8
Q

Fill The Blank:

DPA and GDPR both require …………… for a marketing ……………… to be sent

Marketing Consent

A

Consent, Message

9
Q

Fill The Blank:

Consent must be ………… and …………. given, clear and specific.

Marketing Consent

A

Knowingly, Freely

10
Q

Fill The Blank:

Giving consent for marketing material must be …………. and therefore must be an …….-…. method and not in ……… and ………………. because these are hard to understand and rarely read

Marketing Consent

A

Clear, Opt-in, Terms and Conditions

11
Q

Fill The Blank:

It must be made easy to opt-out of marketing material such as ‘……………’ at the bottom of an email because consent can be ……………. at any time

Marketing Consent

A

Unsubscribe, Withdrawn

12
Q

Fill The Blank:

GDPR makes it clear that pre-………….. boxes are not valid ……………

Marketing Consent

A

Ticked, Consent

12
Q

Explain:

Higher Maximum penalty that can be issued by ICO

Enforcement

A

Failure to comply with core data protection principles or individuals' rights as in DPA
£17.5m or 4% of total annual worldwide turnover in preceding financial year (whichever is higher)

13
Q

Explain:

Standard penalty that can be issued by ICO

Enforcement

A

All other infringements other than what is covered in Higher max. penalty (breaching core data protection principles)
£8.7m or 2% of total annual worldwide turnover in preceding financial year (whichever is higher)
