Data Management Flashcards
What is confidentiality?
confidential information held electronically, verbally or in hard copy that must not be disclosed unless required or permitted by law or the party concerned.
Why is it important to prevent data breaches?
Security of data is essential to maintain client confidentiality
Are you aware of any legislation regarding data protection?
Data Protection Act 2018 and UK GDPR 2018
The Data Protection Act implemented into UK Domestic Law the EU GDPR as the UK GDPR
Relates to rights of personal data.
What is the fine for a data breach?
The greater of 4% of annual turnover or £17.5mil
What are the 8 individual rights under GDPR?
- be informed
- access
- rectification
- object
- processing
- profiling and automated decision making
- portability
- erasure
How do you store data safely?
In password protected files that are only accessible to those that require it.
What regulations do businesses follow under UK GDPR?
- provide a copy of personal data if it is required
- customers have rights to be forgotten
- if client is no longer a client, their data must be eradicated
What are the protocols if data is breached?
- inform the client and whoever the mistake has been sent to, ask them to delete and not open the email
- if receiving an email sent to me by mistake, inform the sender, do not open and delete.
What are the principles of UK GDPR?
According to Article 5, personal data stored should be:
- lawfully processed
- only collected for specific purposes
- adequate, relevant and limited to necessary information
- accurate
- kept for no longer than necessary
- processed in a manner that ensures appropriate security
What is data security?
security against corruption and suitable controlled access to ensure privacy;
e.g. disk encryption, regular backups, password protection/updates, firewalls
How do you prevent data breaches?
Update computer/email passwords regularly
Lock computers and don’t leave notes out
Never leave notes/information in view in the car when driving to inspections/viewings
What is a data processor?
an external third party to process personal data on behalf of the controller
What is a data regulator?
someone who determines the purpose for which data is processed and the manner in which it is processed
What are the key requirements of the Data Protection Act?
- an obligation to conduct data protection impact assessments for high risk holding of data
- a data controller decides how and why personal data is processed and is directly responsible for GDPR
- data breaches must be reported to the ICO within 72 hours where there is a loss of personal data.
What is personal data?
data that identifies a person, e.g. name, address, d.o.b.