Data Management Flashcards
What is a Subject Access Request?
When a user requests information under Article 15 of GDPR
If a tenant would like access to some CCTV footage, what is required?
Subject Access Request
- Liaise with the data protection officer on what is required and what can be given
What are the fines for breaching GDPR?
4% of global annual turnover or up to 20 million euros
What is a firewall?
Network security system that monitors and controls incoming and outgoing network traffic, based on predetermined security rules
What is encryption?
Mathematical function that codes data so only authorized users can access it
- Makes readable text unreadable unless a code or decryption key is known
What are the principles of GDPR and DPA 2018?
Information must be used lawfully and transparently
Information must be collected for a legitimate and specified purpose
Information must be adequate and limited to necessity
Information must be accurate and kept up to date
Information must be kept safe and no longer than necessary
What are the obligations of GDPR?
Must have knowledge of the data you store and process
Must be able to delete every instance of an individual's data
Must demonstrate compliance in managing data
Must offer data portability
Must be able to prove how information is being processed
What are individuals' rights with respect to data?
Right to be informed
Right to access
Right to rectification
Right to restrict processing
Right to erasure
Right to object
Right to data portability
How do you treat / manage confidential information?
Conduct data reviews
Anonymise data where possible
Encrypt data where possible
Treat commercial data as personal data
Understand what data we hold and how it is processed
Password protection and secure data sites
Use of firewalls
Have a breach policy response
How do you protect data?
Anonymise data where possible
Encrypt data where possible
Understand what data we hold and how it is processed
Password protection and secure data sites
Use of firewalls
Report suspected breaches
Have a breach policy response
What other legislation is there relating to data management apart from GDPR and the Data Protection Act 2018?
Freedom of Information Act 2000
Limitation Act 1980
How long can you hold data for?
No specific time limit – GDPR says no longer than necessary. The organisation's privacy policy should dictate
As short as possible and as agreed with the data subject
Why was GDPR introduced?
To consolidate data protection laws across EU member countries and provide greater protection and rights to individuals
Why is it important that data is uploaded correctly?
To ensure protection of individuals' data and compliance with legislation
When are you allowed to upload data / share data? How did you know you were allowed to do this?
The firm's privacy notice dictates what data we hold, how it is processed, how and when we might share it with a third party, and which third party it would be shared with.
For example, at the sale of a property.
This privacy notice is issued to all tenants.