Data Management Flashcards

1
Q

What do you think of emails?

A

Emails are great, however I need to take great care when sending e-mails. It is easy to release sensitive information to incorrect parties. Always take care to double check recipients prior to issue, even though emails appear less formal than written letters they can still have the ability to create contracts and form written instructions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

How does your firm store data in a safe and appropriate manner?

A

All stored on a central DMS, Rapleys have a data protection policy which works in line with GDPR and the Data Protection Act 2018. This includes the DMS to be reguarly backed up offline. We are unable to use USB sticks and have a clean desk policy to maintain. Documents no longer in use must be shredded and computers lock automatically after short periods of time. Authentication is required when logging in from outside the office or for external apps.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What are the 8 individual rights under GDPR?

A

the rights to be:
Informed
Access
Rectification
Erasure
Restrict Processing
Data Portability
Object
Automated decision making

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is the freedom of information Act 2000

A

Gives individuals the right of access to information held by public bodies.
Normally public bodies are required to supply information within 20 working days of a formal request.
It can charge for the provision of the information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Who do you report data breaches to?

A

The ICO (Information Comisssioner’s Office) within 72 hours if personal data and a risk of harm to individuals

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What possible fines are there?

A

4% of global turnover or (e)20 million euroes whichever is greatest.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is the Data Protection Act 2018?

A

It is the UK’s implementation of GDPR. The Act is a complete data protection system so as well as governing personal data covered by GDPR, it covers all other general data as previously covered by the 1998 Act.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

When did the Data Protection Act 2018 come into force?

A

May 2018 and it replaced the Data Protection Act 1998.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Does GDPR apply post Brexit ?

A

Yes, many aspects of GDPR will be converted into UK Law on 1st Jan 2021 under the titles UK GDPR. in turn companies will still need to comply

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What will the changes include (GDPR post Brexit)?

A

What will the changes include (GDPR post Brexit)?

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What are the 7 GDPR principles? - LADSPAS

A

Lawfulness, fairness and transparency – leave the individual fully informed
* Accuracy – where necessary kept up to date, erase inaccurate personal data without dela
* Data minimisation – collect the minimum data you need
* Storage limitation – Retain the data for a necessary limited period and then eras
* Purpose limitation – must inform your clients about the purpose of the data collection
* Accountability – Record and prove compliance
* Security - Integrity and confidentiality – Keep it secure, locked filing cabinet or fire wall

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What does GDPR stand for ?

A

General Data Protection Regulation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Why do you keep company data for 12 years?

A

It is a requirement of our PII insurance that all contracts under deed are kept for a minimum of 12 years and under hand for 6 years. I am aware of the limitation act to claims which can be brought about up to 15 years after the act of negligence.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What are ISO Standards ?

A

International Organisation for Standardisation. An international standard setting body of representatives from varying national standards.
* ISO 9000 – Quality Management Systems
* ISO 8000 – Data Quality
* ISO 14001 – Environmental Management Systems
* ISO 45001 – Health and safety

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is the limitations act ?

A

The Limitation Act 1980 is an Act of the Parliament of the United Kingdom applicable only to England and Wales. It is a statute of limitations which provides timescales within which action may be taken for breaches of the law.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Can you give me some example of the data you manage ?

A
  • Client details
  • Contact details
  • Project details
  • Complaints
  • etc
17
Q

What is personal data ?

A

Personal data only includes information relating to natural persons who:
* can be identified or who are identifiable, directly from the information in question; or
* who can be indirectly identified from that information in combination with other information.
* Personal data may also include special categories of personal data or criminal conviction and offences data. These are considered to be more sensitive and you may only process them in more limited circumstances.

18
Q

What are the UK GDPR Principles ? - LAPDAS

A

The UK GDPR sets out seven key principles:
* Lawfulness, fairness and transparency
* Purpose limitation
* Data minimisation
* Accuracy
* Storage limitation
* Integrity and confidentiality (security)
* Accountability

19
Q

What is the process if there is a data breach ?

A

The UK GDPR introduces a duty on all organisations to report certain personal data breaches to the relevant supervisory authority. You must do this within 72 hours of becoming aware of the breach, where feasible.
* If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, you must also inform those individuals without undue delay.
* You should ensure you have robust breach detection, investigation and internal reporting procedures in place. This will facilitate decision-making about whether or not you need to notify the relevant supervisory authority or the affected individuals, or both.
* You must also keep a record of any personal data breaches, regardless of whether you are required to notify.

20
Q

What is the Data Protection Act 2018 ?

A

The Data Protection Act 2018 controls how your personal information is used by organisations, businesses or the government

21
Q

What are the principles of the Bribery Act ?

A

PCRCDM
* Proportionality
* Commitment (Top Level)
* Risk assessment
* Communication
* Due Diligence
* Monitor and Review

22
Q

What kind of information is ‘sensitive’ information?

A

Health records, financial information, address, educational records etc

23
Q

Why do the General Data Protection Regulations 2018 exist?

A

A
To control how your personal information is used by organisations, businesses or the government

24
Q

How long do you keep client’s data and how do you ensure it is deleted when necessary?

A

Dependent on the type of data and the contract
* Under hand - 6 years
* Under deed - 12 years
* Limitations act – 15 years

25
Q

What types of breaches are there under GDPR ? DDA

A
  • Disclosure
  • Destruction
  • Alteration
26
Q

What is copyright ?

A

Copyright is an intellectual property right assigned automatically to the creator. It prevents unauthorised copying and publishing of an original work. Copyright applies to research data and plays a role when creating, sharing and reusing data.