Data Management Flashcards
What is GDPR?
- General Data Protection Regulation
- EU’s GDPR no longer applies to the UK, but the new UK GDPR is essentially the same
- UK GDPR is covered by the Data Protection Act (2018)
- Aims to create a single data protection regime affecting businesses
- Empowers individuals to take control of how their data is used by third parties
What are the key requirements of GDPR?
- Obligation to conduct data protection impact assessments for high risk holding of data
- New rights for individuals to have access to information on what personal data is held and to have it erased
- Data protection officer oversees GDPR compliance and decides how and why personal data is processed
- Data accountability – organisations can prove to the ICO how they comply with new regulations
- Data security breaches need to be reported to ICO within 72 hours
What are the penalties?
Up to 4% of the company's global turnover or £17.5 million (whichever is the greater)
Who is the GDPR policed by?
Information Commissioner's Office (ICO)
What are the individual rights under the UK GDPR?
- Right to be Informed
- Right to Access
- Right to Erasure
- Right to Object
- Right to Data portability (to use for their own purposes)
- Right to Restrict processing
- Right to Rectification
- Rights in relation to Automated decision making and profiling (as undertaken by insurance firms)
What are the principles of the UK GDPR relating to storing personal data?
- Article 5(1):
o Processed lawfully, fairly and transparently
o Collected for specified, explicit and legitimate purposes
o Adequate, relevant and limited to what is necessary for the purposes for which they are processed
o Accurate and where necessary kept up to date
o If inaccurate must be erased or rectified without delay
o Kept in form which permits identification for no longer than necessary
o Processed in a manner that ensures appropriate security of the personal data
- Article 5(2):
o Controller should be responsible for and be able to demonstrate compliance with the principles
What is the Freedom of Information Act (2000)?
- Gives individuals the right of access to information held by public bodies
- Public body must confirm whether it holds the information
- Public body is required to supply it within 20 working days in the format requested
- It can charge for the provision of the information
What are the exemptions of the Freedom of Information Act (2000)?
- Disclosure would be contrary to GDPR requirements
- It would prejudice a criminal matter under investigation
- It would prejudice a person’s/firm’s commercial interest
What is encryption?
Process of encoding a message so that only authorised parties can access it
What is a firewall?
Security system that monitors and controls incoming and outgoing traffic on your network and prevents unauthorised access
What is an NDA?
Non-disclosure agreement – legally binding contract that requires parties to keep information confidential
What happens if an NDA is breached?
The party that was harmed from the breach can take legal action to enforce the agreement and seek damages for losses incurred
What RICS Professional Standard has been proposed that relates to data management?
- RICS Professional Standard on Data Handling and Prevention of Cybercrime – best practice and mandatory obligations
- How surveyors capture, store and share data appropriately and securely
How do you ensure the security of your data?
- Password protected devices
- Anti-virus software
- Regular backups off site
- Firewalls
- Disaster recovery procedures
- Store paperwork you no longer need in locked cupboards
- Encryption of your emails
- NDA
How is HG GDPR compliant?
- Secure website to protect personal data from unauthorised access, breach or theft
- Get consent for emails for mailing lists
- Store information for 6 years
- Data Handling Officer
- Prepare actions for handling data breaches