Data Management Flashcards

1
Q

What is GDPR?

A

GDPR is the General Data Protection Regulation (2016), which came into effect on the 25th May 2018. It aims to create a single data protection regime for the European Union.

2
Q

What Act Implemented the GDPR in the UK?

A

The Data Protection Act (2018), which replaces the Data Protection Act 1998 after 20 years.

3
Q

What do you need to do if you have a data breach?

A

Notify the Information Commissioner's Office (ICO) within 72 hours of the breach occurring.

4
Q

What are the fines for non-compliance with GDPR?

A

Up to 4% of global turnover, or €20 million (whichever is greater).

5
Q

PACN

What are the principles of Data Protection Act 2018?

A
  • Processed lawfully, fairly and in a transparent manner
  • Collected for specified and legitimate purposes
  • Accurate
  • Not transferred to countries with less info than your own
6
Q

What are the 8 Individual Rights Under GDPR?

A
  1. Right to Information
  2. Right of Access
  3. Right of Rectification
  4. Right to Erasure
  5. Right to Restrict Processing
  6. Right to Data Portability
  7. Right to Object
  8. Right to Automated Decision Making

(IARERDOA)

7
Q

What is an SAR?

A

Subject Access Request – Demand that the individual be given all the information that a company holds on them.

8
Q

When was the Freedom of Information Act Enforced, and what does it do?

A

The Freedom of Information Act came into effect in 2000. It allows an individual to request access to information held by a public body. The public body is required to provide that information (normally in 20 working days) in the requested format; however, they can charge a fee for this.

9
Q

mentioned in summary of experience

What are the principles of GDPR 2016?

A

A. There are seven:
(1) Lawfulness, fairness and transparency.
(2) Integrity and confidentiality – keep it secure.
(3) Accuracy.
(4) Data minimization – only collect it when you need.
(5) Purpose Limitation – be specific about the purpose of the data collection.
(6) Accountability – record and prove compliance.
(7) Storage Limitations – store data for a necessary limited period and then erase.

10
Q

Give me an example of how your company is compliant with GDPR

A

When we send out marketing emails to prospective purchasers, we send emails individually rather than en masse. This is so that the personal details of everyone are protected.

On marketing emails, we give people the right to be removed from our database.
