Data Management

Question 1

What do you think of emails?

Answer 1

Emails are great, however I need to take great care when sending e-mails. It is easy to release sensitive information to incorrect parties. Always take care to double check recipients prior to issue, even though emails appear less formal than written letters they can still have the ability to create contracts and form written instructions.

Question 2

How does your firm store data in a safe and appropriate manner?

Answer 2

All stored on a central DMS, Rapleys have a data protection policy which works in line with GDPR and the Data Protection Act 2018. This includes the DMS to be reguarly backed up offline. We are unable to use USB sticks and have a clean desk policy to maintain. Documents no longer in use must be shredded and computers lock automatically after short periods of time. Authentication is required when logging in from outside the office or for external apps.

Question 3

What are the 8 individual rights under GDPR?

Answer 3

the rights to be:
Informed
Access
Rectification
Erasure
Restrict Processing
Data Portability
Object
Automated decision making

Question 4

What is the freedom of information Act 2000

Answer 4

Gives individuals the right of access to information held by public bodies.
Normally public bodies are required to supply information within 20 working days of a formal request.
It can charge for the provision of the information.

Question 5

Who do you report data breaches to?

Answer 5

The ICO (Information Comisssioner’s Office) within 72 hours if personal data and a risk of harm to individuals

Question 6

What possible fines are there?

Answer 6

4% of global turnover or (e)20 million euroes whichever is greatest.

Question 7

What is the Data Protection Act 2018?

Answer 7

It is the UK’s implementation of GDPR. The Act is a complete data protection system so as well as governing personal data covered by GDPR, it covers all other general data as previously covered by the 1998 Act.

Question 8

When did the Data Protection Act 2018 come into force?

Answer 8

May 2018 and it replaced the Data Protection Act 1998.

Question 9

Does GDPR apply post Brexit ?

Answer 9

Yes, many aspects of GDPR will be converted into UK Law on 1st Jan 2021 under the titles UK GDPR. in turn companies will still need to comply

Question 10

What will the changes include (GDPR post Brexit)?

Answer 10

What will the changes include (GDPR post Brexit)?

Question 11

What are the 7 GDPR principles? - LADSPAS

Answer 11

Lawfulness, fairness and transparency – leave the individual fully informed
* Accuracy – where necessary kept up to date, erase inaccurate personal data without dela
* Data minimisation – collect the minimum data you need
* Storage limitation – Retain the data for a necessary limited period and then eras
* Purpose limitation – must inform your clients about the purpose of the data collection
* Accountability – Record and prove compliance
* Security - Integrity and confidentiality – Keep it secure, locked filing cabinet or fire wall

Question 12

What does GDPR stand for ?

Answer 12

General Data Protection Regulation

Question 13

Why do you keep company data for 12 years?

Answer 13

It is a requirement of our PII insurance that all contracts under deed are kept for a minimum of 12 years and under hand for 6 years. I am aware of the limitation act to claims which can be brought about up to 15 years after the act of negligence.

Question 14

What are ISO Standards ?

Answer 14

International Organisation for Standardisation. An international standard setting body of representatives from varying national standards.
* ISO 9000 – Quality Management Systems
* ISO 8000 – Data Quality
* ISO 14001 – Environmental Management Systems
* ISO 45001 – Health and safety

Question 15

What is the limitations act ?

Answer 15

The Limitation Act 1980 is an Act of the Parliament of the United Kingdom applicable only to England and Wales. It is a statute of limitations which provides timescales within which action may be taken for breaches of the law.

Question 16

Can you give me some example of the data you manage ?

Answer 16

• Client details
• Contact details
• Project details
• Complaints
• etc

Question 17

What is personal data ?

Answer 17

Personal data only includes information relating to natural persons who:
* can be identified or who are identifiable, directly from the information in question; or
* who can be indirectly identified from that information in combination with other information.
* Personal data may also include special categories of personal data or criminal conviction and offences data. These are considered to be more sensitive and you may only process them in more limited circumstances.

Question 18

What are the UK GDPR Principles ? - LAPDAS

Answer 18

The UK GDPR sets out seven key principles:
* Lawfulness, fairness and transparency
* Purpose limitation
* Data minimisation
* Accuracy
* Storage limitation
* Integrity and confidentiality (security)
* Accountability

Question 19

What is the process if there is a data breach ?

Answer 19

The UK GDPR introduces a duty on all organisations to report certain personal data breaches to the relevant supervisory authority. You must do this within 72 hours of becoming aware of the breach, where feasible.
* If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, you must also inform those individuals without undue delay.
* You should ensure you have robust breach detection, investigation and internal reporting procedures in place. This will facilitate decision-making about whether or not you need to notify the relevant supervisory authority or the affected individuals, or both.
* You must also keep a record of any personal data breaches, regardless of whether you are required to notify.

Question 20

What is the Data Protection Act 2018 ?

Answer 20

The Data Protection Act 2018 controls how your personal information is used by organisations, businesses or the government

Question 21

What are the principles of the Bribery Act ?

Answer 21

PCRCDM
* Proportionality
* Commitment (Top Level)
* Risk assessment
* Communication
* Due Diligence
* Monitor and Review

Question 22

What kind of information is ‘sensitive’ information?

Answer 22

Health records, financial information, address, educational records etc

Question 23

Why do the General Data Protection Regulations 2018 exist?

Answer 23

A
To control how your personal information is used by organisations, businesses or the government

Question 24

How long do you keep client’s data and how do you ensure it is deleted when necessary?

Answer 24

Dependent on the type of data and the contract
* Under hand - 6 years
* Under deed - 12 years
* Limitations act – 15 years

Question 25

What types of breaches are there under GDPR ? DDA

Answer 25

• Disclosure
• Destruction
• Alteration

Question 26

What is copyright ?

Answer 26

Copyright is an intellectual property right assigned automatically to the creator. It prevents unauthorised copying and publishing of an original work. Copyright applies to research data and plays a role when creating, sharing and reusing data.