CH13 Data Protection Flashcards
- Identify the key requirements of the Data Protection Act 2018, on the use of personal information and how the Act can affect the manner in which information systems are used by businesses
1
Q
What is a data processor responsible for?
A
Processing personal data on behalf of the controller
2
Q
What does a data controller do?
A
Determines the purpose and means of processing personal data
3
Q
What are personal subjects?
A
Identified or identifiable individuals (not companies) to whom personal data relates
4
Q
What is the Information Commissioner’s job?
A
To enforce the Data Protection Act
5
Q
How many hours does an organisation have to inform the Information Commissioner of a data breach?
A
72 hours
6
Q
What are the results of non-compliance with the Data Protection Act?
A
Criminal conviction
Fine of up to £18 mil or 4% of global turnover
7
Q
What are the data protection principles?
A
- Lawfulness, fairness, transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality
8
Q
What are the rights of data subjects?
A
- To be informed
- Access
- Rectification
- Erasure
- Portability
- Objection
- Automated decision making and profiling
9
Q
What is exempt from the Data Protection Act?
A
- Employers may process data in accordance with employment law, e.g. payroll
- Academic institutions if the data processed is for academic purposes
- Scientific and historical research organisations where the principles would impair their core activities
- Individual rights are limited where they can be abused to commit crimes, disrupt legal proceedings or otherwise disrupt public authorities or regulators
