Chapter 13 - Data protection laws

Question 1

What is the purpose of the Data Protection Act 2018?

Answer 1

The Act is intended to protect individuals from misuse of the information about them. It sets out the data protection principles which apply to anyone who processes personal data

Question 2

What are data controllers?

Answer 2

Data controllers determine the purpose and means of processing personal data

Question 3

What are data processors?

Answer 3

Data processors are responsible for processing personal data on behalf of a controlle

Question 4

What are personal subjects?

Answer 4

Personal subjects are identified or identifiable individuals (not companies) to whom personal data relates

Question 5

What data is covered under the Data Protection Act?

Answer 5

The Act applies where personal data is held on computer or manual files by any organisation (large or small, profit making or not, incorporated or not).
Personal data covers any information related to an identifiable living individual and it includes not only recording of facts but also expression of opinion about an individual

Question 6

What is the Information Commissioner? What powers does it posess?

Answer 6

The Information Comissioner is the UK regulator for data protection.
It has statutory powers to enforce compliance with the Act.

Question 7

In what time frame must the Information Comissioner be informed about a data breach?

Answer 7

It must be informed within 72 hours of a data breach that affects the rights and freedoms of individuals (in high risk cases the individuals must be informed as well)

Question 8

What are the punishments for non-compliance with the Data Protection act?

Answer 8

May result it:
* A criminal conviction if a crime has been committed under the Act
* A fine of up to approximately £18 million (is determined in Euros so depends on exchange rate) or 4% of the organisation’s global turnover

Question 9

What are the principles of data protection defined under the act? Define each (6)

Answer 9

Question 10

What are the rights of data subjects defined under the act? Define each (6)

Answer 10

Question 11

What are the exemptions to the act? Explain each (4)

Answer 11

The following are exempt from the provisions of the Act:
* Employers may process data in accordance with employment law, eg payroll
* Academic institutions (e.g. universities) if the data processed is for academic purposes
* Scientific and historical research organisations where the principles would impair their core activities
* Individual rights are limited where they can be abused to commit crimes, disrupt legal proceedings or otherwise disrupt public authorities and regulators