Data Management Flashcards
What are some examples of data security technologies?
- Disk encryption
- Regular backups off site
- Password protection
- Anti-virus software
- Firewalls
What is copyright?
Exclusive rights granted to the author of any original work, including the right to copy it.
Rights can be licensed, assigned or transferred.
What is UK GDPR?
Regulations on personal data handling
Why was the UK GDPR introduced?
To respond to changes in technology and its increasing use.
Does the EU GDPR apply to the UK?
No, this was scrapped after Brexit. The UK has its own GDPR (2018).
What is the Data Protection Act 2018?
It’s the UK’s implementation of the GDPR. It controls how your personal information is used.
What is the aim of the Data Protection Act 2018?
To create a single data protection regime for businesses and individuals to control how their data is used by third parties. It gives people the right to be informed about how their personal information is used.
What are the key requirements of the Data Protection Act 2018?
- Data security breaches need to be reported to the ICO within 72 hours where there is a loss of personal data or risk of harm to individuals
- New rights for individuals to have access to what personal information is held and to have it erased
What are the penalties of non-compliance?
Fines up to 4% of global turnover or £17.5 million (whichever is greater)
Who polices data protection?
The Information Commissioner's Office (ICO)
What are your rights under the Data Protection Act?
There are 8 individual rights under the UK GDPR:
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object
- Rights in relation to automated decision making and profiling
What are the 7 key principles of the UK GDPR?
Data must be:
- Processed lawfully, fairly and in a transparent manner
- Collected for specified, explicit and legitimate purposes
- Adequate, relevant and limited to what is necessary
- Accurate and up to date
- Kept for no longer than necessary
- Kept secure
- The controller is accountable
How do you comply with GDPR with regard to mailing lists?
You can only add someone to a mailing list or send them marketing if they have given permission.
Other than GDPR what did the DPA 2018 introduce?
New offences: recklessly obtaining data and storing data without consent.
What information can a firm retain to comply with other laws?
ID for AML checks
What systems does your firm have in place to ensure data security?
Password protected systems and files
How would you send sensitive information?
- Password protected files
- Encryption
- Use of firewalls and anti-virus software
- Clear desk policy and locking away confidential documents
- Regular change of password
How would you deal with a data breach?
- Report to the ICO within 72 hours
- Report to my IT department
- Inform clients and those affected
How can you secure your own data?
- Not clicking on junk / phishing emails
- Only log on to secure Wi-Fi
- Not sharing passwords
- Safely dispose of personal data
- Lock laptop away at night
- Encrypt data
- Use security software
How can you send data securely?
- Password-protected files
- Encrypted files
What must you do before sending marketing emails to a client?
Ensure that they have ‘opted in’ and provided consent.
What is the Freedom of Information Act 2000?
Gives individuals the right of access to information held by public bodies.
The public body must tell the individual whether it holds the information, and is required to supply it within 20 days.
What are the exemptions to the Freedom of Info Act?
- Where disclosure would contravene GDPR requirements
- Involves a criminal matter under investigation
What is an NDA? / How does it work?
A binding contract between two or more parties that prevents sensitive information from being shared with others. It maintains confidentiality.