7 - Data Management Flashcards
Data Management - Extract from Candidate Guide - Aug 2018 (updated Feb 2022)
What does GDPR stand for?
General Data Protection Regulation
When did GDPR come into effect?
New rules relating to how we collect and process personal data - the EU General Data Protection Regulation (GDPR) - came into effect in the UK on 25 May 2018.
What could happen if you do not meet the requirements?
• £17.5 million or 4% of the total annual worldwide turnover in the preceding financial year, whichever is higher
• £8.7 million or 2% of the total annual worldwide turnover in the preceding financial year, whichever is higher
Have you completed any training on GDPR? What did you learn?
Yes, please see CPD …..
What are the maximum fines (UK GDPR), and how are the fines calculated?
• £17.5 million or 4% of the total annual worldwide turnover in the preceding financial year, whichever is higher
What legislation covers data protection in the UK?
Data Protection Act 2018 and UK GDPR
Who does the Freedom of Information Act apply to?
Public right of access to information held by public authorities.
Does GDPR apply post Brexit?
Yes, many aspects of GDPR will be converted into UK law on 1st Jan 2021 under the title UK GDPR. In turn, companies will still need to comply.
What will the changes include (GDPR post Brexit)?
UK government will control the UK GDPR as opposed to the European union.
Who oversees information rights in the UK?
ICO - International Commissioners Office
https://ico.org.uk/
What happens if you are sharing or processing data from the EU?
Adhere to:
• UK GDPR
• EU GDPR
• Data Protection Act 2018
Who enforces data protection?
Information Commissioner's Office - ICO
How do you ensure data you hold on clients is kept secure and confidential?
I use secure documents that are stored on password protected machines and servers. I also only keep the information I need and use it for the purpose it has been collected without passing it on unless I have approval prior.
What are the 7 GDPR principles? - LADSPAS
• Lawfulness, fairness and transparency – leave the individual fully informed
• Accuracy – where necessary kept up to date, erase inaccurate personal data without delay
• Data minimisation – collect the minimum data you need
• Storage limitation – Retain the data for a necessary limited period and then erase
• Purpose limitation – must inform your clients about the purpose of the data collection
• Accountability – Record and prove compliance
• Security - Integrity and confidentiality – Keep it secure, locked filing cabinet or firewall
How have you changed the way you managed data during COVID-19 and home working?
Only allowed to use work equipment, the storage of files/documents to be locked away, regular update on password protected equipment etc.
What does the Freedom of Information Act enable?
Limit access to sensitive data; use smart passwords to resident details; firewalls and antivirus protection; dedicated server; stay on top of security updates.
How do you ensure the data that you hold on your clients is kept secure and confidential?
Limit access to sensitive data; use smart passwords to resident details; firewalls and antivirus protection; dedicated server; stay on top of security updates.
Why do you keep company data for 12 years?
It is a requirement of our PII insurance that all contracts under deed are kept for a minimum of 12 years and under hand for 6 years. I am aware of the Limitation Act to claims which can be brought about up to 15 years after the act of negligence.
What is a project extranet?
A computer network that allows controlled access from the outside for specific project purposes. Essentially, it is a system that allows individuals outside the company to view project files on a secure platform.