Chapter 13 - Data Protection Law Flashcards
What does the Data Protection Act 2018 set out to do?
UK approach to data protection
Embodies the principles and rights of EU GDPR
Sets out framework of rules wider than GDPR
What do data controllers do?
Determine purpose and means of processing personal data
What do data processors do?
Responsible for processing personal data on behalf of controller
What are data subjects?
Identified/identifiable individuals to whom personal data relates
Where does the Data Protection Act 2018 apply?
When personal data is held on computer-based info systems/manual files
What does personal data cover?
Any info relatable to an individual
What is the role of the info commissioner?
UK regulator for data protection
Statutory powers to enforce non-compliance
Must be informed within 72 hours of a breach
What are the punishments for a breach of data protection?
Fine of up to £17.5 mil or 4% of annual turnover, imposed by info commissioner
What are the principles of data protection?
Lawfulness
Data minimisation
Purpose limitation
Accuracy
Storage limitation
Integrity and confidentiality
What rights do data subjects have?
Be informed
Access
Rectification
Erasure
Restrict processing
Data portability
Object
Automated decision making and profiling
What are the exemptions from the Data Protection Act 2018?
Employers may process employee data without consent, acting within employment law
Academic institutions exempt from data processing rules if for academic reasons
Scientific and historical research organisations exempt where principles impair core activities
Is the data controller obliged to take all necessary steps to ensure that data held about an individual is accurate?
No
Does the data controller have to keep the data subject informed (and supply copies) of all personal data held or processed in respect of that data subject?
No