Data Management Flashcards

1
Q

What are the 7 principles of GDPR?

A
  1. Lawfulness, Fairness, and Transparency;
  2. Purpose Limitation;
  3. Data Minimisation;
  4. Accuracy;
  5. Storage Limitations;
  6. Integrity and Confidentiality;
  7. Accountability.
2
Q

What are the maximum levels of fines handed out under GDPR?

A

Fines of up to £17.5 million under the UK GDPR, €20 million under the EU GDPR or 4% of annual global turnover can be issued for infringements.

3
Q

EU GDPR vs UK GDPR - What is the difference?

A

Initially the UK was under the EU’s GDPR, but upon withdrawal from the European Union in 2021, this was brought into UK law with the GDPR (UK version). This mirrors the EU GDPR, and is what now applies to UK citizens.
The EU GDPR of course still applies with regard to processing of data of those within the EU.

4
Q

What is the difference between the Data Protection Act 2018 and GDPR?

A

Broadly, the DPA 2018 is the UK’s implementation of the GDPR, and is the Act of Parliament that introduces it into UK law. It provides:

  • Additional detail around processing of special categories of personal data and data relating to criminal convictions and offences.
  • Exemptions from GDPR for national security and defence.
  • Specifics regarding law enforcement and intelligence processing in the UK.
  • Detail about the Information Commissioner's role and general function.
  • The enforcement process of data protection legislation: penalty notices, appeals, what constitutes an offence, etc.
5
Q

Are there any other data regulations in the UK that sit alongside GDPR and the DPA?

A

The Privacy and Electronic Communications Regulations 2003 (PECRs) sit alongside the Data Protection Act 2018 and the UK GDPR within the UK’s data privacy regime.

6
Q

Explain what the PECR 2003 (the Privacy and Electronic Communications Regulations) Act covers.

A

It covers:
- Marketing by email, phone, text and fax: must have consent, and consent must be clear to the consumer.
- Use of cookies on the internet: must tell people what cookies are being used on the browser to collect info, and why.
- Privacy by telephone or other communication network providers: specific requirement for these providers.

Applies to business-to-business communications too.

7
Q

What are the rights under GDPR?

A

• The right to be informed.
• The right of access.
• The right of rectification.
• The right to erasure.
• The right to restrict processing.
• The right to data portability.
• The right to object.
• Rights not to be subject to decisions made by automated decision-making and profiling.
