Data Management Flashcards

1
Q

How can you comply with UK GDPR when dealing with mailing lists?

A
  • Only collect information that is required
  • Ensure it is very clear that there is a way to unsubscribe
  • Ensure you get consent from participants to be on the mailing list
2
Q

What sorts of information can a firm reasonably retain in order to comply with other laws?

A

CHECKKK

3
Q

What Data Management Training have you undertaken?

A
  • Password Protection Training
  • Clear desk policy
4
Q

What systems does Cluttons have in place to ensure data security?

A
  • Firewalls
  • Encryption
  • Regular password updates
  • Two-Factor Authentication
  • Anti-virus software

CHECK

5
Q

Who is UK GDPR policed by?

A

Information Commissioner’s Office (ICO)

6
Q

What are the fines for non-compliance for GDPR?

A

Fines of up to 4% of the company's global annual turnover or £17.5 million (whichever is greater)

7
Q

What are the individual rights under UK GDPR?
(submission)

A
  1. Right to be informed
  2. Right of access
  3. Right to rectification
  4. Right to erasure
  5. Right to restrict processing
  6. Right to data portability (to reuse their data for their own purposes)
  7. Right to object
  8. Rights in relation to automated decision making and profiling (as undertaken by insurance companies)
8
Q

What does the Freedom of Information Act (2000) outline?

A
  • Gives individuals the right of access to information held by public bodies
  • The public body must tell any individual requesting information whether it holds it
  • Normally the public body is required to supply it within 20 working days, in the format requested
  • It can charge for the provision of the information
9
Q

What exemptions are allowed under Freedom of Information Act 2000?

A

Where disclosure would be contrary to UK GDPR requirements (e.g. third-party personal data)

Where disclosure would prejudice a criminal matter under investigation or a person's or organisation's commercial interests

10
Q

How can security of data be improved?

A

Using firewalls, encryption and strong passwords

11
Q

What is Crown Copyright?

A

All material created and prepared by the Government, e.g. laws and OS mapping

12
Q

What is copyright?

A

A set of exclusive rights granted to the author or creator of any original work, including the right to copy

13
Q

Does the EU’s GDPR apply in the UK?

A

No, but the EU GDPR was almost entirely transposed into the UK GDPR

14
Q

What is UK GDPR supplemented by?

A

Data Protection Act 2018

15
Q

What is the Data Protection Act 2018?

A

Controls how your personal information is used by organisations, businesses or the government.

It gives individuals the right to access their own personal data through subject access requests and contains rules which must be followed when personal data is processed.

16
Q

What are the key requirements of the DM & GDPR? CHECK

A
  • An obligation to conduct data protection impact assessments (DPIAs) for high-risk processing of personal data
  • Rights for individuals to access the personal data held on them and to have it erased
  • A data controller decides how and why personal data is processed and is directly responsible for GDPR compliance
  • A principle of 'accountability': organisations must be able to demonstrate to the ICO how they comply with the regulations
  • Personal data breaches must be reported to the ICO within 72 hours of becoming aware of them, where there is a loss of personal data and a risk of harm to individuals
  • Fines of up to 4% of the company's global annual turnover or £17.5 million (whichever is greater)
  • Policed by the ICO
17
Q

When do data security breaches need to be reported by and who do you report them to?

A
  • Within 72 hours of becoming aware of the breach, where there is a loss of personal data and a risk of harm to individuals
  • Report to the ICO
18
Q

What is ISMS?

A

Information Security Management System

19
Q

What data security training have you undertaken?

A
  • Regular online information security training – KnowBe4 – 2023 Common threats, Internet threats, Your Role in Information Security
  • Acceptable IT Use Policy
  • Mobile Device Policy
  • Information Security Policy
  • Phishing Emails
20
Q

Why is the information you handle valuable?

A

It could be used for identity theft, fraud or cyber attacks

21
Q

What does Cluttons do to keep you informed about information security issues?

A
  • Regular emails
  • Staff online training
  • Updates to firm policies
22
Q

How do you ensure that data is stored correctly?

A
  • Use strong passwords and two-factor authentication
  • Ensure you back up your data
  • Keep user group lists up to date

CHECK

23
Q

What are the key principles of UK GDPR?

A

Article 5 of the UK GDPR sets out seven key principles which lie at the heart of the general data protection regime:
1. Lawfulness, fairness and transparency
2. Purpose limitation
3. Data minimisation
4. Accuracy
5. Storage limitation
6. Integrity and confidentiality (security)
7. Accountability