Chapter 3 - Data Protection

Question 1

What are the 4 aspects covered by the Data Protection Act 2018 that is not covered by GDPR?

Answer 1

1. Data processing for immigration
2. Data processing for intelligence agencies
3. Data processing for law enforcement
4. Powers and duties of the ICO

Question 2

What are the 6 data protection principles?

Answer 2

1. Fair and lawful
2. Purpose to be explicit and legitimate + specified
3. Data to be adequate, relevant and not excessive
4. Data to be accurate
5. Data to not retained longer than necessary
6. Data to be processed securely.

Question 3

What is the max civil penalty the ICO can issue?

Answer 3

£500,000

Question 4

What is the max criminal penalty the ICO can issue?

Answer 4

Unlimited fine

Question 5

For how long must records of MiFID business be retained?

Answer 5

5 years

Question 6

For how long must records of non-MiFID business be retained?

Answer 6

3 years however, FCA rules have specific record keeping requirements

Question 7

Where are the FCA record keeping requirements set out?

Answer 7

SYSC

Question 8

What is the scope of GDPR?

Answer 8

Covers data controllers and processors. Includes non-EU data processors/controllers who are handling the personal data of EU citizens.

Question 9

What are the 7 principles of GDPR?

Answer 9

1. Lawfulness
2. Fairness + Transparency
3. Purpose limitation
4. Data minimisation
5. Accuracy
6. Storage limitation
7. Accountability

Question 10

What are the penalties that can be imposed by GDPR?

Answer 10

4% of annual global turnover (or €20,000,000 if greater) or

2% of annual global turnover (or €10,000,000 if greater).