Data Management Flashcards

1
Q

What is the Data Protection Act 2018?

A

UK’s implementation of the General Data Protection Regulation 2016 (GDPR)

2
Q

What is GDPR?

A

It aims to create a single data protection regime affecting businesses, and empower individuals to take control of how their data is used by third parties.

It gives people the right to be informed about how their personal information is used.

3
Q

When did GDPR come into force?

A

25th May 2018

4
Q

What are the key requirements under GDPR?

A

Obligation to conduct data protection impact assessments for high-risk holding of data.

New rights for individuals to have access to information on what personal data is held and to have it erased.

A data controller decides how and why personal data is processed and is directly responsible for GDPR.

‘Data accountability’: ensuring that organisations can prove to the Information Commissioner’s Office (ICO) how they comply with the new regulations.

5
Q

What happens if GDPR is breached?

A

Data security breaches need to be reported to the Information Commissioner’s Office (ICO) within 72 hours where there is a loss of personal data and a risk of harm to individuals.

A fine amounting to whichever is greater out of 4% of global turnover of the company responsible or £17.5m.

6
Q

What are the 8 individual rights under UK GDPR?

A
  1. Right to be informed
  2. Right of access
  3. Right to rectification
  4. Right to erasure
  5. Right to restrict processing
  6. Right to data portability (to use for own purposes)
  7. Right to object
  8. Right to automated decision making and profiling (as undertaken by insurance companies).
7
Q

What does Article 5(1) of GDPR state in relation to the processing of data?

A

Data must be processed lawfully, fairly and in a transparent manner in relation to individuals.

8
Q

How has your firm changed their data management practices to comply with GDPR?

A

Conducted data protection impact assessments, i.e. evaluated risks associated with holding information about individuals.

Ensured data accountability through the appointment of a named data controller.

Contacted individuals who were on distribution lists to confirm that they wanted to be contacted.

Trained staff.

Ensured correct firewalls were in place to ensure appropriate security of personal data.

9
Q

Under GDPR, would you be able to transfer personal data you hold outside of the UK?

A

GDPR restricts transfers of personal data outside the European Economic Area (EEA).

10
Q

Who has received the largest fine under GDPR?

A

British Airways received a £183m fine in 2019 after hackers stole the personal data of 500,000 customers.

11
Q

What is the Freedom of Information Act 2000?

A

Gives individuals the right of access to information held by public bodies.

12
Q

What does the Freedom of Information Act 2000 require of public bodies?

A

The public body must tell any individual requesting sight of information whether it holds it.

Normally the public body is required to supply information in 20 working days in the format requested.

It can charge for the provision of the information.

13
Q

What are the elements of a Non-Disclosure Agreement (NDA)?

A

Identification of the parties

Definition of what is deemed to be confidential

Scope of the confidentiality obligation by the receiving party

The exclusions from confidential treatment

The length of term of the agreement

14
Q

How can security of data be improved?

A

Disk encryption - encrypting data on a secure hard disk drive

Regular backups off site

Password protection

Use of anti-virus software protection

Firewalls and disaster recovery procedures

15
Q

What are MSCI Real Estate indices?

A

Indices which provide investment performance statistics for owners and investors / fund management.

16
Q

What is the difference between DPA & GDPR?

A

DPA is the UK’s adoption of the EU’s GDPR.

GDPR is focussed on empowerment of personal data & personal rights.

DPA is what the UK GDPR is supplemented by and also affects business.

17
Q

What does Article 5(1) of GDPR state in relation to the processing of data?

A

Data must be processed lawfully, fairly and in a transparent manner in relation to individuals.

Collected for specified and legitimate reasons.

Accurate and where necessary kept up to date.

18
Q

What is the fine for data security breaches?

A

Policed by the ICO.

Either 4% of global turnover or £17.5m - whichever is greater

19
Q

What are the benefits of a cloud-based system?

A

More sustainable and cheaper
Encrypted
Accessible online

20
Q

What is encryption?

A

Converting data into a format that requires an encryption key to decipher.

21
Q

How long can a company hold data for?

A

Minimum amount of time possible.

Usually 6 years.

22
Q

How does Bloom comply with data security?

A

We have regard for and adhere to the DPA 2018 & UK GDPR and understand individual rights under the act.

We have a dedicated data protection officer / controller.

We have training at least once a year.

Installed two-step verification & firewalls.

Adhere to mailing list GDPR