Data Handling Legislation

Question 1

actions to ensure compliance with GDPR

Answer 1

• data should be protected - shredded when finished with, computer screens locked
• staff should ensure they attend GDPR training - especially new staff
• only collect and store relevant data and ensure data is only used for its original purpose
• ensure organisation is registered with the ICO
• organisations must keep evidence of permission from subjects to store data
• have processes for subjects to opt in and out of data storage

Question 2

principles of GDPR

Answer 2

• Personal data shall be accurate and kept up to date
• Personal data shall be processed securely
• personal data shall be kept no longer than necessary
• personal data will be collected for a specific and lawful purpose

Question 3

features of the Computer Misuse Act

Answer 3

• no unauthorised access of computer material
• no unauthorised access with the intent to commit or help further offences
• no unauthorised changes to computer material

Question 4

features of the Freedom of Information Act

Answer 4

• gives individuals the right to request access to information held by public organisations
• if the organisation holds any information relating to the request, then they must tell the applicant
• some information is excluded from being accessed by the public
• public organisations must be aware that information they hold could potentially be viewed by the public
• when a request is made, the organisation must let the member of the public know when they can expect to receive the information
• the organisation must respond within 20 working days

Question 5

name the 4 types of data protection legislation

Answer 5

• GDPR
• copyright, design and patents act
• freedom of information act
• computer misuse act