Data Management Flashcards
What is the result of a breach of GDPR?
Substantial fines of up to £17.5 million or 4% of global turnover, whichever is greater.
What are the key data protection principles of GDPR?
• Lawful, fair, transparent
• Accuracy
• Data minimisation
• Data sensitivity
• Purpose limitation
• Accountability
• Storage limitation
• Integrity and confidentiality
Mnemonic: LADSPAS
What is the Data Protection Act 2018?
▪ The act replaces previous 1998 legislation and manages how personal data is processed by organisations and the government.
▪ It is the UK legislation for the implementation of the EU General Data Protection Regulation (GDPR).
What are the key Principles of the Data Protection Act 2018?
▪ The act ensures that data is:-
• Used fairly, lawfully and transparently.
• Used in a way that is adequate, relevant and limited to only the purpose for which it is intended.
• Retained for no longer than is necessary.
• Processed securely, including protection against unlawful use, loss or destruction.
Who are the key persons outlined within GDPR?
▪ Controller
• The controller is the natural person or legal entity that determines the purposes and means of the processing of personal data; for example, when processing an employee’s personal data, the employer is considered to be the controller.
▪ Processor
• A natural person or legal entity that processes personal data on behalf of the controller; for example, a call centre acting on behalf of its client is considered to be a processor.
▪ Data Protection Officer (DPO)
• The Data Protection Officer is a leadership role required by EU GDPR. This role exists within companies that process the personal data of EU citizens. A DPO is responsible for overseeing the data protection approach, strategy, and its implementation.
What are a person’s rights under the Data Protection Act?
People have the right to:-
• Be informed about how their data is being used.
• Access their data.
• Have incorrect information updated.
• Have their data erased.
• Stop or restrict the processing of their data.
• Data portability.
• Object to the use of their data.
How do you comply with GDPR within your role?
Data security - online data and security measures (passwords, two-factor authentication, secure desktop).
Data minimisation - only collecting data which is necessary for the instruction.
Purpose limitation - only using the data for the relevant instruction.
How do you collect and store data within your organisation?
I collect data from published sources or directly from client contacts. Data is stored in the folder for the specific job, on a secure desktop and kept for a period of 6 years.
What would you class as personal data?
Any information that could be used to identify an individual.
Do you have to report every breach of personal data?
No, there are examples on the ICO website.
What are the data risks from using a drone?
Taking photos of the general public without consent. To prevent this, a company may letter drop, announce the use of the drone, or erect signage. Keep evidence that you followed guidelines and pre-planned the flight to minimise data capture. Review the footage immediately and delete data as soon as it has been used.
What is the time limit to report a breach of data?
72 hours
How long would you keep records of due diligence checks of clients? (PS - Countering Bribery, Corruption, Money Laundering and Terrorist Financing 2018)
5 years
What are the penalties for breaching NDA?
Being sued for damages or made subject to an injunction, as an NDA is a contractual agreement.
How do you disclose information to insurers and RICS?
Seek consent in the Terms of Engagement (ToE).