Data Management Flashcards
What are the GDPR consumer rights?
I - Inform
A - Access
C - Consent
C - Correction
E - Erasure
P - Data Portability
ACCEP
(Accep your rights)
What regulation governs laws on data protection and privacy?
UK General Data Protection Regulation 2020
Article 5 of GDPR requires that personal data should be what? Name at least 3
- Processed lawfully, fairly in a transparent manner (PLT)
- Adequate, relevant, and limited to what is necessary
- Collected for specified explicit and legitimate purposes
- Kept in a form that permits identification of data for no longer than is necessary
- Accurate and kept up to date, where necessary
- Processed in a manner that ensures appropriate security of personal data.
PACKAP
What is the maximum GDPR fine set by UK GDPR and DPA 2018?
17.5 Million or 4% of annual global turnover (whichever is highest).
Data offences can be punished by what? Name two (excluding fines).
- Warnings
- Temporary or permanent ban on data processing
- Restriction or erasure of data
- Suspend data transfers to third party countries.
What is DPA 2018?
Data Protection Act 2018
- UK’s implementation of GDPR
- Replaced the DPA 1998
Are you aware of the Freedom of Information Act 2000?
Yes, it provides the public access to information held by public authorities.
How do FOI Act 2000 requests work?
- Must be in writing
- Information must not be exempt e.g. personal data or national security
What security measures can you use to protect data? Name at least 3
- Password protection
- Security markings
- Physically locking storage units
- Encryption firewalls
- Two factor authentication
What best practices would you encourage in terms of managing data? Give at least 3
- Cross reference computer with hard copy
- Back up IT systems
- Write once, read many times
- Keep an audit trail
- Ensure electronic signature cannot be altered. (send PDFs, not Word)
You refer to a valuation of Part 1 claims in Aylesford, how did you use the data collected to advise the senior management of your view?
After combining evidence from multiple sources, I made a spreadsheet to illustrate changes in value using colour coding and indexing. This allowed me to advise my senior colleague of what data was most useful. I further advised on how the data should be used and stored.
Tell me what you know about GDPR
General Data Protection Regulation
Following Brexit there is now a UK version called UK GDPR 2020
Set out the main responsibilities for organisations using, storing and handling personal data.
Article 5 sets out the consumer rights which includes the right to be informed, right to access, right to erase, right to correct and right to withdraw consent.
Applies to the VOA – right to correct is something we actively do in the Check stage of CCA and in Form of return where personal data is explicitly collected.
How does Freedom of information work and how can it be used?
Individual can request information held by public bodies such as minutes from a board meeting
Request must be made in writing
Public body must supply in 20 working days and can charge for this service
Information must not be exempt e.g. personal data or national security.
What is the latest change in data protection regulation?
DPA act
2020 GDPR
The Data Protection (Fundamental Rights and Freedoms) (Amendment) Regulations 2023
How does GDPR affect your firm?
right to collect is something we actively do in the Check stage of CCA and in Form of return where personal data is explicitly collected.
FOR data not disclosed outside of agency
What is the definition of personal data?
Personal data is any information that relates to an identified or identifiable person.
What is encryption/firewalls/blockchain?
Encryption is a means of securing data by encoding it mathematically such that it can only be read, or decrypted, by those with the correct key or cipher.
A firewall is a network security device that monitors traffic to or from your network. It allows or blocks traffic based on a defined set of security rules.
A blockchain is a digitally distributed, decentralized, public ledger that exists across a network.
Describe a time you have used and managed data to communicate some complex, reasoned advice?
Part 1s - range of sources in spreadsheet, used indexing and colour coding to indicate each sale's usefulness, advised that due to data being based on two specific dates it need not be stored for any longer than necessary
Give me an example of how you process and handle confidential information
IHT case:
- Don’t print what I don’t need to
- Ensure appropriate saving with correct name conventions
- Don’t leave computer unlocked and unattended
Tell me about how you extract data from a source regularly used in your role
Internal database – CDB for rental information
Set parameters for data to refine prior to download
Use filters on Excel to refine the data to what I need
What is an electronic document management system (EDMS)?
Software package designed to manage electronic information and records within an organisation’s workflow.
Using various technologies, an EDMS allows a user to manage the creation, storage, and control of records while allowing others to access and edit documents.
What type of documents can electronic signatures be used for?
Electronic signatures can be used to replace handwritten signatures in virtually every personal or business process. Examples include contracts, application forms and non-disclosure agreements.
Give me an example of how you ensure that data is kept securely.
Permission levels on edrm restrict who can access the data, preventing conflict of interest in terms of accessing information, e.g. someone in rating accessing plans and data collected for a different purpose.
Back up work / systems where necessary
When saving data within the Electronic data recording system I ensure it is appropriately labelled as Official-sensitive information, to show others that care must be taken.
How do you validate information?
Cross check with another source
Call to get further information / confirm details
Adopt a common sense approach
What are the strengths and limitations of primary/secondary data sources?
Primary
Pros:
Specific to the needs
Greater control (type of data, design, method)
More up to date
May be more accurate
Cons:
Expensive (may make it more difficult)
Time consuming
Secondary
Pros:
Easily accessible
Affordable
Less time consuming
Cons:
May lack reliability
May be outdated
May have to deal with irrelevant data before finding suitable data