AH Data Protection Policy Flashcards
What is the statutory deadline for processing subject access requests?
One month
Who enforces compliance with the data protection rules in the UK?
Information Commissioner
What is the first of seven Data Protection principles?
Lawfulness
What is the second of seven Data Protection principles?
Restriction of purpose
What is the third of seven Data Protection principles?
Data minimisation
What is the fourth of seven Data Protection principles?
Accuracy
What is the fifth of seven Data Protection principles?
Storage
What is the sixth of seven Data Protection principles?
Security
What is the last of seven Data Protection principles?
Accountability
Is Credibility a data protection principle?
No
“Customer data should be processed lawfully, fairly and in a transparent way”: does this link to a Data Protection Principle?
Yes (Lawfulness)
What do you require before processing personal data when there is no contractual or legitimate interest?
Explicit consent from the customer.
How long is staff personal data retained for once the employee leaves AH?
10 years.
Info which can be used to identify (directly or indirectly) an individual is a definition of what?
Personal data
What is classified under special category for personal data?
Race or ethnic origin.
Political, religious or philosophical beliefs.
Trade union membership.
Genetic info.
Biometric data.
Data concerning health and sickness records.
Data concerning a person’s sex life or orientation.
Data about convictions and offences.
Which data protection principle is being described: “personal data should be adequate, relevant to the purposes we have told you/the data subject about and limited only to those purposes”?
Data minimisation
At AHA who is the Data Controller?
AHA.
You have made a recommendation and an application has been submitted to a lender or insurer. How long must data be kept for?
Indefinitely, subject to a minimum of 75 years.
Employees report any data protection issues or concerns to?
Senior Management
Is it true that the board and senior management team have overall responsibility for ensuring compliance with data protection?
Yes
Data Protection Legislation means…
Data Protection Act 2018 & General Data Protection Regulation EU 2016
Who has overall responsibility for ensuring compliance with Data Protection?
The board and senior management team
Who are the first points of contact after immediate managers for employees with concerns on Data Protection?
The Compliance Support Team and Risk, Compliance and Tech Director (DLS)
What is the first of three aims of the data protection policy?
Ensure compliance with all applicable data protection legislation
What is the second of three aims of the data protection policy?
Protect AHA’s employees and data subjects from the risks associated with breaching this Data Protection Legislation.
What is the last of three aims of the data protection policy?
Safeguard AHA’s name and reputation from damage caused by the risks of unlawful processing and data breaches.
Does AH provide customers with the opportunity to opt out by including a link at the bottom of each marketing email?
Yes
What is the email they can contact to opt out of marketing?
DPAConsents@alexanderhall.co.uk
Can clients opt out of marketing verbally?
Yes