CH13 Data Protection Flashcards
- Identify the key requirements of the Data Protection Act 2018, on the use of personal information and how the Act can affect the manner in which information systems are used by businesses
What is a data processor responsible for?
Processing personal data on behalf of the controller
What does a data controller do?
Determines the purpose and means of processing personal data
What are data subjects?
Identified or identifiable individuals (not companies) to whom personal data relates
What is the Information Commissioner’s job?
To enforce the Data Protection Act
How many hours does an organisation have to inform the Information Commissioner of a data breach?
72 hours
What are the results of non-compliance with the Data Protection Act?
- Criminal conviction
- Fine of up to £18 million or 4% of global turnover
What are the data protection principles?
- Lawfulness, fairness, transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality
What are the rights of data subjects?
- To be informed
- Access
- Rectification
- Erasure
- Portability
- Objection
- Automated decision making and profiling
What is exempt from the Data Protection Act?
- Employers may process data in accordance with employment law, e.g. payroll
- Academic institutions if the data processed is for academic purposes
- Scientific and historical research organisations where the principles would impair their core activities
- Individual rights are limited where they can be abused to commit crimes, disrupt legal proceedings or otherwise disrupt public authorities or regulators