Data Management Flashcards
What is Data Protection?
Data protection is the fair and proper use of information about people.
A person’s right to privacy.
It’s about treating people fairly and openly, recognising their right to have control over their own identity and their interactions with others, and striking a balance with the wider interests of society.
What is personal data?
Personal data means information about a particular living individual.
It doesn’t necessarily need to be private.
What is the Data Protection Act 2018?
The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).
The DPA 2018 sets out the framework for data protection law in the UK.
The act states that anyone who is responsible for using and handling personal data must follow the data protection principles to ensure the data is not misused.
When was the Data Protection Act 2018 last updated?
January 2021 by regulations under the European Union (Withdrawal) Act 2018, to reflect the UK’s status outside the EU.
What is the UK General Data Protection Regulation (GDPR)?
It is a UK law which came into effect in January 2021.
It sets out the key principles, rights and obligations for most processing of personal data in the UK, except for law enforcement and intelligence agencies.
It is based on the EU GDPR which applied in the UK before that date, with some changes to make it work more effectively in a UK context.
What are the 6 data protection principles under the Data Protection Act 2018?
- used fairly, lawfully and transparently
- used for specified, explicit purposes
- used in a way that is adequate, relevant and limited to only what is necessary
- accurate and, where necessary, kept up to date
- kept for no longer than is necessary
- handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage
What personal data has stronger protections?
- Ethnic background
- Political opinions
- Religious beliefs
- Health
- Sexual life
- Criminal history
Why is it important to protect personal data?
- Safety
- Security
- Trust and honesty
- Professionalism
Who is a controller?
- A controller is the person that decides how and why to collect and use the data. This will usually be an organisation, but can be an individual (e.g. a sole trader).
- If you are an employee acting on behalf of your employer, the employer would be the controller.
- The controller must make sure that the processing of that data complies with data protection law.
- The controller is the natural person or legal entity that determines the purposes and means of the processing of personal data. For example, when processing an employee’s personal data, the employer is considered to be the controller.
Who is a processor?
- A processor is a separate person or organisation (not an employee) who processes data on behalf of the controller and in accordance with their instructions. Processors have some direct legal obligations, but these are more limited than the controller’s obligations.
- EXAMPLE: a call centre acting on behalf of its client is considered to be a processor.
Who is a Data Protection Officer?
The Data Protection Officer is a leadership role required by EU GDPR. This role exists within companies that process the personal data of EU citizens. A Data Protection Officer is responsible for overseeing the data protection approach, strategy, and its implementation.
What are your rights under the Data Protection Act 2018?
You have the right to find out what information the government and other organisations store about you.
- The right to be informed.
- The right of access.
- The right of rectification.
- The right to erasure.
- The right to restrict processing.
- The right to data portability.
- The right to object.
- Rights of automated decision making and profiling (predicted behaviours and interests).