Data Management Flashcards

1
Q

What is GDPR and what are its key principles?

A

General Data Protection Regulation. Came into force in May 2018 and governs the processing of personal data; it applies in the UK via the Data Protection Act 2018 (retained after Brexit as the UK GDPR).

Lawfulness, fairness and transparency (processed lawfully, fairly and transparently)
Purpose limitation (collected for specified, explicit and legitimate purposes)
Data minimisation (limited to what is necessary for those purposes)
Accuracy (kept accurate and, where necessary, up to date)
Storage limitation (kept no longer than necessary)
Integrity and confidentiality (appropriate security)
Accountability (the controller must be able to demonstrate compliance)

2
Q

What happens if you discover a data breach of personal data in your company?

A

Notify the NHS PS data protection officer (DPO) immediately. (The "over 250 employees" figure is the threshold for the GDPR record-keeping exemption, not the DPO requirement; a DPO is mandatory for public authorities and for organisations whose core activities involve large-scale regular monitoring or large-scale processing of special-category or criminal-offence data.)

3
Q

What are the possible fines for GDPR breach?

A

Up to €20 million or up to 4% of annual global turnover, whichever is higher (the upper tier; the lower tier is €10 million or 2%). Under the UK GDPR the upper tier is £17.5 million or 4% of annual global turnover.

4
Q

Which organisation (outside NHS PS) should you report GDPR data breaches to, and in what timescale?

A

Report to the ICO (Information Commissioner's Office) within 72 hours of becoming aware of the breach, where the breach is likely to result in a risk to individuals' rights and freedoms.

5
Q

What are the individual rights over personal data under GDPR?

A
1 Right to be informed
2 Right of access
3 Right to rectification
4 Right to erasure
5 Right to restrict processing
6 Right to data portability
7 Right to object
8 Rights in relation to solely automated decision-making and profiling
6
Q

What is the FOI Act 2000, and how is it managed within NHS PS?

A

Freedom of Information Act 2000: gives anyone the right to request recorded information held by public authorities.
Public authorities must respond within 20 working days of receiving the request.
Exemptions include where disclosure would breach data protection law (e.g. release someone else's personal data), would prejudice a criminal investigation or proceedings, or would prejudice commercial interests.
