Data Management Flashcards
What is GDPR and what are the key principles?
Came into force on 25 May 2018 and governs the processing of personal data; in the UK it applies as the UK GDPR alongside the Data Protection Act 2018
Lawfulness, fairness and transparency (processed lawfully, fairly and in a transparent manner)
Purpose limitation (collected for specified, explicit and legitimate purposes)
Data minimisation (limited to what is necessary for those purposes)
Accuracy (kept accurate and, where necessary, up to date)
Storage limitation (kept no longer than necessary)
Integrity and confidentiality (appropriate security against unauthorised processing, loss or damage)
Accountability (the controller must be able to demonstrate compliance)
What happens if you discover a breach of personal data in your company?
Notify the NHS PS data protection officer (DPO) immediately so the breach can be assessed and, where required, reported to the ICO within the 72-hour deadline. (The 250-employee threshold relates to the Article 30 records-of-processing exemption; a DPO is mandatory for public authorities and for large-scale processing under Article 37.)
What are the possible fines for a GDPR breach?
Up to €20 million (£17.5 million under the UK GDPR) or up to 4% of total worldwide annual turnover, whichever is higher
Which organisation (outside NHS PS) should you report GDPR data breaches to, and in what timescale?
Report to the ICO (Information Commissioner's Office) within 72 hours of becoming aware of the breach, where the breach is likely to result in a risk to individuals' rights and freedoms
What are your rights over your data under GDPR?
1. Right to be informed
2. Right of access
3. Right to rectification
4. Right to erasure
5. Right to restrict processing
6. Right to data portability
7. Right to object
8. Rights in relation to solely automated decision-making and profiling
What is the FOI Act 2000, and how is it managed within NHS PS?
Gives anyone the right to request recorded information held by public authorities
Public authorities must respond within 20 working days of receiving the request
Exemptions include information whose disclosure would contravene data protection law (personal data), would prejudice a criminal investigation or proceedings, or would prejudice commercial interests