Chapter 7 Regulatory processes systems and controls

Question 1

What is a data controller?

Answer 1

The party who keeps personal data on their customers and determines how and why it is processed

Question 2

What is a data processor?

Answer 2

An organisation who processes data on a data controller’s behalf

Question 3

Under GDPR who can be liable to customers if their personal data is breached?

Answer 3

Both the data controller and the data processor.

Question 4

Identify eight principles of the EU General Data Protection Regulation.

Answer 4

~~~
Data must be:
1. Fairly and lawfully processed
2. Process limitation Processed for limited purposes
3. Data minimisation - Adequate, relevant and not excessive
4. Accuracy
5. Storage limitation Not kept longer than necessary
6. Integrity and confidentiality

Question 5

Identify eight special categories of personal data under the GDPR where more stringent protection conditions apply.

Answer 5

Ethnic or racial origin.
Political opinions.
Religious beliefs or other beliefs of a similar nature.
Trade union membership.
Physical and mental health.
Sexual life.
Commission or alleged commission of an offence.
Any proceedings for any offence committed or alleged to be committed,

Question 6

Identify seven requirements regarding a data subject giving consent for their data to be processed under the GDPR.

Answer 6

Consent must be:
Freely given
Specific
Informed
Unambiguous 
Positive opt in
Easy to withdraw
Separate from other terms and conditions

Question 7

Identify eight rights of a data subject under the GDPR

Answer 7

The right to be informed.
The right of access.
The right to rectification.
The right to erasure.
The right to restrict processing.
The right to data portability.
The right to object.
Rights in relation to automated decision making and profiling

Question 8

Under the data protection laws, who is the data subject?

Answer 8

The person whose data is held.

Question 9

What is the age below which parental consent is required under the Data Protection Act 2018

Answer 9

13

Question 10

What Act implements the GDPR into English law?

Answer 10

Data Protection Act 2018

Question 11

What is the maximum fine under the Data Protection Act 2018?

Answer 11

Euro20million or 4% of turnover

Question 12

What are the three stages of money laundering?

Answer 12

Placement
Layering
Integration

Question 13

The process by which money obtained illegally is converted to legitimate funds is called?

Answer 13

Money Laundering

Question 14

Under the Proceeds of Crime Act (2002) who must insurers nominate to make disclosures to the Serious Organised Crime agency?

Answer 14

Money laundering reporting officer

Question 15

Identify four offences under the Bribery Act 2010

Answer 15

Pay bribe
Receive bribe
Bribe foreign official
Failure of commercial organisation to have adequate procedures to prevent bribery

Question 16

The process of establishing a new client’s identity is known as?

Answer 16

Client verification

Question 17

What are the three stages of money laundering?

Answer 17

Placement
Layering
Integration

Question 18

The process by which money obtained illegally is converted to legitimate funds is called?

Answer 18

Money Laundering

Question 19

Under the Proceeds of Crime Act (2002) who must insurers nominate to make disclosures to the Serious Organised Crime agency?

Answer 19

Money laundering reporting officer

Question 20

Identify four offences under the Bribery Act 2010

Answer 20

Pay bribe
Receive bribe
Bribe foreign official
Failure of commercial organisation to have adequate procedures to prevent bribery

Question 21

The process of establishing a new client’s identity is known as?

Answer 21

Client verification

Question 22

Identify 3 principal money laundering offences under the Proceeds of Crime Act (2002)

Answer 22

• concealing, transferring, converting, or removing criminal property.
• making arrangements in respect of criminal property
• acquiring, using or possessing criminal property
• offences of failing to report suspected money laundering;
• offences of tipping off about a money laundering disclosure (a suspicious report) or investigation.

Question 23

What is the maximum criminal sanction for money laundering offences?

Answer 23

a maximum prison sentence of 14 years, an unlimited fine, or both

Question 24

Identify relevant persons unde Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017

Answer 24

credit and financial institutions (which includes insurers and brokers);
* auditors, insolvency practitioners, accountants and tax advisers;
* lawyers;
* trust or company service providers;
* estate agents;
* high value dealers (any business or sole trader that accepts or makes high value cash payments of €10,000 or more for goods); and
* casinos.

Question 25

What must relevant persons do under