Data Management Flashcards
What are the benefits of cloud-based storage systems?
Information is backed up securely on encrypted servers
Accessibility can be managed via online settings
Cloud systems are often cheaper than the cost of physically storing and managing files
More convenient to send and share files online (as opposed to sending physical copies)
Cloud systems have environmentally friendly benefits
Multiple users can utilise folders and documents
Documents and folders can be synchronised
What is the meaning of a non-disclosure agreement?
Non-disclosure agreements are used to protect against the disclosure or sharing of any confidential data
Prior to the confidential data being shared with a recipient, clients will typically request that the recipient signs up to an NDA
Often used when confidential, sensitive, innovative or intellectual property information is being shared, to prevent this information being used by competitors
If two separate departments within your firm were working for two rival companies, how would you ensure client-sensitive data was managed?
Make client aware of risks
Conflict of interest
Letter of instruction to continue
Negate risk by
- exclusivity of staff
- use of NDAs
- single communication lines in to client
- separate working locations
- use of secure storage
Who are the key persons outlined within GDPR?
Controller
Processor
Data Protection Officer (DPO)
In terms of ‘GDPR’ who is the ‘controller’?
The natural person or legal entity that determines the purposes and means of the processing of personal data (eg, when processing an employee’s personal data, the employer is considered to be the controller)
In terms of ‘GDPR’ who is the ‘processor’?
A natural person or legal entity that processes personal data on behalf of the controller (eg, a call centre acting on behalf of its client) is considered to be a processor.
At times, a processor is also called a third party.
In terms of ‘GDPR’ who is the DPO?
Data Protection Officer
A leadership role required by EU GDPR. This role exists within companies that process the personal data of EU citizens. A DPO is responsible for overseeing the data protection approach, strategy, and its implementation.
What are the 8 individual rights under GDPR?
The right to be informed
The right of access
The right of rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
Rights of automated decision making and profiling
What things must companies put in place to ensure GDPR compliance?
Raise awareness across your business
Audit all personal data
Update your privacy notice
Review your procedures supporting individuals’ rights
Identify and document your legal basis for processing personal data under the GDPR
Review how you seek, obtain and record consent
How is data managed and protected in your firm?
Secure document storage
Back up of documents
Sharing / Confidentiality of documentation
Common data standards
Formatting / standardisation of reports
Data sharing with Internal and External Teams
Paper form/ Digital form
What is GDPR?
General Data Protection Regulation 2016 is a regulation in EU law on data protection and privacy in the EU and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA areas.
What does it mean to be GDPR compliant?
GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states.
Non-compliance can cost companies dearly.
What are the 7 principles of GDPR?
Lawfulness, fairness and transparency.
Purpose limitation.
Data minimisation.
Accuracy.
Storage limitation.
Integrity and confidentiality (security).
Accountability.
What things must companies put in place to ensure GDPR compliance?
Raise awareness across your business
Audit all personal data
Update your privacy notice
Review any procedures supporting individuals’ rights
Identify and document legal basis for processing personal data under GDPR
Review how we seek, retain and record consent
What is ‘Copyright’?
Set of exclusive rights granted to creator of work - form of intellectual property
Rights can be licensed, assigned, or transferred
How does copyright apply in your work?
All material prepared by Government is copyrighted
Eg
- Laws
- OS mapping
- Public records
Can you tell me about the Commissioners for Revenue and Customs Act 2005, and some of its relevant sections?
Applies to all HMRC officers
Act expressly provides duty to keep information confidential, with criminal penalties for wrongful disclosure
Section 17 - allows sharing of information between HMRC & VOA (eg SDLT returns)
Section 18 - permits disclosure of information outside VOA/ HMRC in line with our functions. Must be proportionate and necessary
Section 19 - makes it criminal to disclose information that can identify an individual unless covered by section 18
What two rights did the ‘Freedom of Information Act 2000’ give in regard to requesting information from public bodies?
- If information is held
- For information to be communicated
How quickly must an Authority respond to an FOIA request?
Within 20 days
What are the reasons for refusing an FOIA request?
Prejudice criminal matter under investigation or a person’s commercial interest
Too costly or too much staff time
The request is vexatious
The request is a repeat of a previous one from the same person
Contrary to GDPR
Can VOA disclose property related information under FOIA?
No, as it could be used to identify an individual
In the VOA, how quickly must a GDPR breach be reported?
Within 72 hours of becoming aware
A Dedicated Data Protection Officer (DPO) is …… for all public authorities
required