chapter 6 Flashcards

1
Q

What does this describe?

Develop and implement policies and practices to adhere to the PDPA

A

Data Protection Management Programme

2
Q

What provides the inputs to deciding on the policies and practices to be implemented?

A

Data Protection Impact Assessment

3
Q

DPIAs can be conducted on _____ and _______

A

systems and processes

4
Q

What are the key tasks in a DPIA?

A
  1. Identifying the personal data handled by the system or process
  2. Identifying how the personal data flows
  3. Identifying data protection risks
  4. Addressing the identified risks
  5. Checking to ensure that identified risks are adequately addressed
5
Q

When should a DPIA be conducted?

A
  1. Creating a new system
  2. Creating a new process
  3. Changing existing systems or processes
  4. Changes to the organisational structure
  5. Collecting new types of personal data
6
Q

To address data protection risks effectively, a DPIA should involve ________________

A

relevant stakeholders and where needed, relevant external parties

7
Q

Who is the DPIA lead?

A

project manager

in charge of the DPIA project

8
Q

What are the responsibilities of the project manager (DPIA Lead)?

A

* Overall in charge of the DPIA; could be supported by a DPIA team
* Seeks input from relevant parties on data protection risks and challenges, and on possible solutions to address the risks
* Documents the DPIA report
* Monitors DPIA outcomes and reviews the DPIA

9
Q

What is the role of the Data Protection Officer?

A

Enforcing the Data Protection policies

10
Q

What are the responsibilities of the DPO?

A

* Advises the DPIA lead throughout the DPIA process, including providing support based on best practices
* Defines the risk assessment framework
* Ensures that DPIAs are conducted according to the organisation’s policies
* Assists in reviewing the DPIA report

11
Q

What is the role of the Project Steering Committee?

A

Management of organisation

12
Q

What are the responsibilities of the Project Steering Committee?

A

Commissions the DPIA

Approves the DPIA report

13
Q

What is the role of "others"?

A

Other organisational functions or external parties

14
Q

What are the responsibilities of "others"?

A

Provide input on potential risks and challenges, for example:
* IT and Legal
* Customer Service, Communications or Operations
* Human Resource or Staff Capability

15
Q

What are the steps in the Data Protection Impact Assessment life cycle?

A

Phase 1: Assess the need for a DPIA

Phase 2: Plan the DPIA

Phase 3: Identify data and personal data flows

Phase 4: Identify and assess data protection risks

Phase 5: Create action plan

Phase 6: Implement and monitor action plan

16
Q

What is phase 2?

A

plan for DPIA

17
Q

What is involved in planning for the DPIA (phase 2)?

A

Project Description
* Overview of the project and reason for the DPIA
* Key considerations

Scope of DPIA
* Detail of the specific system or process in scope

Define Risk Assessment Framework
* Risk assessment criteria
* Risk calculation method

Parties Involved
* Identify relevant internal or external stakeholders
* Approach in gathering stakeholder inputs

DPIA Timeline
* Overall DPIA timeline
* Key task timeline

18
Q

Personal data protection risks can be evaluated based on their ___________ and ____________

A

likelihood (likelihood criterion) and impact (impact / consequence criterion)

19
Q

What are the risk matrix score ranges?

A

High risk rating: 15 - 25
Risk threshold: 8 - 12
Low risk rating: 1 - 3

20
Q

What is the quantitative risk rating formula?

A

Risk = Likelihood x Impact

21
Q

What happens in Phase 3: Identify Personal Data and Data Flow?

A

The DPIA lead would need to collate and review documentation related to the project (e.g., project plan, system functional specs) in order to determine how personal data is being collected, used or disclosed. The DPIA lead should also consult stakeholders and conduct on-site inspections.

* Identify the various types of personal data handled and determine the purposes
* Map the way that personal data flows through the various stages

22
Q

Example of Identify Personal Data (phase 4)?

A

DPIA lead / Website administrator
* Consults the relevant project stakeholders (e.g., Planning team, IT, Finance, Marcom)
* Reviews any project-relevant documentation

DPIA lead sets out to identify personal data touchpoints in the system
* Who has access to the various types of personal data?
* Where and how is the personal data being stored?
* How is the personal data being used?
* How long is the retention period and what are the disposal methods?

23
Q

What happens in Phase 4: Identify and Assess Risk?

A

Having defined a risk framework and documented how personal data is being handled, the DPIA lead can now proceed to identify and assess personal data protection risks.

* Complete a DPIA Questionnaire to assess the project against PDPA requirements
* Identify areas in the personal data flow which could lead to a breach of the PDPA
* Analyse the potential impact and likelihood of identified gaps and risks

24
Q

Example of Phase 4: Identify and Assess Risk?

A

In completing the DPIA Questionnaire, the DPIA lead’s considerations could include:

  • What are the applicable PDPA requirements to be complied with?
  • Is there an excessive collection of personal data?
  • Are there sufficient measures in place to safeguard the personal data handled?
  • Are staff aware of their roles and responsibilities?
  • Are third party organisations aware of their personal data protection obligations?
25
Q

What happens in Phase 5: Create Action Plan?

A

Based on the various personal data protection risks identified, the DPIA lead can now create an Action Plan, which outlines the specific tasks to be taken in order to address those risks.

* List the critical tasks to be taken in order to address the various data protection risks identified
* Assign the action owners responsible for addressing the identified risks
* Formulate a timeline for when specific tasks need to be completed and determine their priority

26
Q

Example of Phase 5: Create Action Plan?

A

In developing the action plan, the DPIA lead’s considerations include:

  • What are the risk treatment options, taking into consideration the risk assessment?
  • What constraints does the organisation face?
  • What other legal requirements does the organisation need to consider?
  • What are the pros and cons for each recommendation or proposed solution?
  • How can the proposed solutions be integrated within the organisation’s business?
27
Q

What happens in Phase 6: Implement and Monitor Action Plan?

A

DPIA Report
* Documents the whole DPIA process
* Reviewed by the DPO
* Approved by the Project Steering Committee

Action Plan Implementation
* Plan implemented by the respective Action Owners
* Outcome monitored by the Project Manager

Maintain DPIA
* Subsequent developments to the project
* Technology or security developments
* External environmental changes
* External environmental changes