Data Management Flashcards
1
Q
What are the 8 rights of the data subject under UK GDPR 2016?
A
- Right to be informed
- Right of access
- Right to rectification
- Right of erasure
- Right to restrict processing
- Right to data portability
- Right to object
- Right to automated decision making and profiling
2
Q
How do you keep data safe?
A
- clear desk policy
- lock my computer when not in front of it
- Keep documents in relevant files on the computer where they are backed up
- Mark documents with appropriate tags (personal, confidential, public)
3
Q
What is Data Protection Act 2018?
A
- Supplements UK GDPR 2016
- Creates single data protection regime affecting business
- Empowers individuals to take control of how their data is used by 3rd parties
- Gives right to be informed about how personal info is used
4
Q
What are the key requirements of UK GDPR 2016?
A
- Obligation to conduct a data protection impact assessment for holding high risk data
- New rights for individuals
- Principle of ‘Data Accountability’ ensuring organisations can prove to ICO they are compliant with new legislation.
- Breaches must be reported to the Information Commissioner's Office within 72 hours
5
Q
Breaches of data protection?
A
- Must be reported to Information Commissioner's Office (ICO) within 72 hours
- Maximum fine is the greater of 4% of the company's global turnover or £17.5 million
- Policed by ICO
6
Q
What are the 2 key principles of UK GDPR 2016?
A
- Article 5 (1) : Principles relating to storage of personal data
- Article 5 (2) : “Controller should be responsible for and be able to demonstrate compliance with these principles”
7
Q
What does Article 5 (1) UK GDPR outline?
A
Principles relating to storage of personal data
- processed lawfully, fairly and transparently in relation to the individuals
- collected for a specific, explicit and legitimate purpose and not to be further processed in an incompatible manner
- accurate, kept up to date, take reasonable steps to ensure inaccurate data erased or rectified without delay
- kept in a form which permits identification of the subject only as long as necessary for original purposes
- processed in a manner that ensures security including protection against unauthorised or unlawful processing, accidental damage, loss or destruction by using technical or organisational measures
8
Q
What verbal checks do you carry out?
A
- Call the trusted individual and ask them to verify for every new payee, change of payment details and for internal payment requests.
8
Q
What does GDPR stand for?
A
General Data Protection Regulations
8
Q
What are the 3 points of cyber security Barclays believe in?
A
- Always conduct verbal checks
- Aim to have a single point of contact with companies and regular payees - internally and externally
- Always carry out due diligence even if it causes delays
9
Q
Why is GDPR important?
A
- set of personal data protection laws for users and business
10
Q
How long can you retain personal data for?
A
As long as you need it for the original purpose
check
11
Q
When can the right to erasure be rejected?
A
- If the information is held for a crucial purpose such as lease data for billing
12
Q
What are the 7 principles of GDPR?
A
- Article 5 – 7 principles of data storage
- Lawfulness, fairness and transparency
- Purpose limitation
- Data Minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality (security)
- Accountability