6. Some Legal Obligations

Question 1

What’s the difference between EU’s regulations and directives?

Answer 1

Regulations are immediately applied to all member states.

Directives instruct member states to pass their own national laws.

Question 2

What is precedent?

Answer 2

Where a case decided in a higher court is followed by lower courts in the future.

This does not overrule statute law.

Question 3

What does the Data Protection Act relate to in the UK.

Answer 3

Personal information processed wholly or partially automatically.

Question 4

What are the principles of the Data Protection Act?

Answer 4

Data should be:
- Processed fairly and lawfully
- Only obtained for one or more specified lawful purposes
- Not excessive to what’s required
- Kept accurate and up-to-date
- Not kept longer than necessary
- Held and processed securely

Question 5

What are the rights of a data subject?

Answer 5

• To be informed about the info being held
• To have access to the data
• To have the data rectified and corrected
• To have the data erased
• To restrict processing
• To data portability (use for own purposes)
• To object to the usage of the data
• Relating to automated decision making and profiling

Question 6

What are limitations of the rights of a data subject?

Answer 6

Limited rights regarding data held by police and security services
- Can’t insist criminal record is erased
- Can’t access data security services may hold about you

Question 7

How does GDPR restrict transfer of data?

Answer 7

Restricts transfer outside European Economic area (where GDPR applies) unless the rights of individuals are protected in some other way.

Question 8

What does GDPR stand for?

Answer 8

general data protection regulation

Question 9

What are the risks to data?

Answer 9

• Human error
• Technical problems
• Catastrophic events
• Malicious damage
• Industrial espionage or sabotage
• Dishonesty or fraud