Data Management Flashcards
What is GDPR?
GDPR is the General Data Protection Regulation (EU) 2016/679, adopted in 2016, which came into effect on 25 May 2018. It aims to create a single data protection regime across the European Union.
What Act Implemented the GDPR in the UK?
The Data Protection Act 2018, which supplements and tailors the GDPR in UK law and replaces the Data Protection Act 1998 after 20 years.
What do you need to do if you have a data breach?
Notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, unless it is unlikely to result in a risk to individuals' rights and freedoms. Where the breach is likely to result in a high risk to individuals, they must also be informed without undue delay. Every breach, reported or not, must be documented internally.
What are the fines for non-compliance with GDPR?
Up to €20 million or 4% of total annual worldwide turnover, whichever is greater. A lower tier of up to €10 million or 2% of turnover applies to less serious infringements (for example, failing to report a breach).
What are the principles of the Data Protection Act 2018?
- Processed lawfully, fairly and in a transparent manner
- Accurate (and kept up to date)
- Collected for specified, explicit and legitimate purposes
- Not transferred to countries that do not provide an adequate level of data protection
(PACN)
What are the 8 Individual Rights Under GDPR?
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object
- Rights in relation to automated decision making and profiling (not to be subject to a decision based solely on automated processing)
(IARERDOA)
What is an SAR?
Subject Access Request: a request by an individual (the data subject) for a copy of all the personal data an organisation holds about them, together with supplementary information such as the purposes of processing, the recipients and the retention period. Under GDPR it must normally be answered free of charge within one month, extendable by a further two months for complex or numerous requests.
When was the Freedom of Information Act Enforced, and what does it do?
The Freedom of Information Act 2000 received Royal Assent in 2000 and its right of access came fully into force on 1 January 2005. It allows anyone to request access to information held by a public authority. The authority is required to respond, normally within 20 working days, in the applicant's preferred format where reasonably practicable; it can charge a fee in some cases and can refuse requests that would exceed the cost limit or fall under an exemption.
mentioned in summary of experience
What are the principles of GDPR 2016?
A. There are seven:
(1) Lawfulness, fairness and transparency.
(2) Integrity and confidentiality – keep it secure against unauthorised or unlawful processing, loss, destruction or damage.
(3) Accuracy – keep it accurate and up to date.
(4) Data minimisation – only collect what you need for the purpose.
(5) Purpose limitation – be specific about the purpose of the data collection and do not reuse it for incompatible purposes.
(6) Accountability – record and be able to demonstrate compliance.
(7) Storage limitation – keep data only for as long as necessary, then erase or anonymise it.
Give me an example of how your company is compliant with GDPR
When we send out marketing emails to prospective purchasers, we send emails individually rather than en masse. This is so that the personal details of everyone are protected.
On marketing emails, we give people the right to be removed from our database.