Data Management

Question 1

What are some examples of data security technologies? (5)

Answer 1

• Disk encryption (encrypting data on a secure hard disk drive)
• Regular backups offsite
• Password protection
• Use of anti-virus software protection
• Firewalls

Question 2

What is a firewall?

Answer 2

A network security device that monitors traffic to or from your network

Question 3

What is copyright?

Answer 3

• A set of exclusive rights granted to the author or creator of any original work, including the right to copy
• Form of intellectual property

Question 4

What is triangulation?

Answer 4

Triangulation is the process of verifying data from multiple sources to validate any data collected

Question 5

What are the individual rights under UK GDPR? (8)

Answer 5

1. Right to be informed
2. Right to access
3. Right to rectification
4. Right to erasure
5. Right to restrict processing
6. Right to data portability
7. Right to object
8. Right to automated decision-making and profiling

Question 6

What are the principles of the UK GDPR? (5)

Answer 6

Personal data must be:
- Processed lawfully, fairly, and in a transparent manner
- Collected for a specific and legitimate purpose
- Accurate and kept up to date
- Kept no longer than necessary
- Processed in a secure manner

Question 7

What is the link between UK GDPR and the Data Protection Act 2018?

Answer 7

When the UK left the EU in 2016, it formed its own regulations, UK GDPR, which sits alongside the Data Protection Act 2018

Question 8

What did the Data Protection Act 2018 replace?

Answer 8

Data Protection Act 1998

Question 9

What is the aim of the UK GDPR/Data Protection Act 2018?

Answer 9

It aims to create a single data protection regime affecting businesses and empower individuals to take control of how their data is used by third parties

Question 10

Who is the UK GDPR/Data Protection Act 2018 policed by?

Answer 10

Information Commissioner’s Office (ICO)

Question 11

What can the fines be for data security breaches?

Answer 11

Up to 4% of global turnover of the company or £17.5 billion (whichever is greater)

Question 12

What are some of the requirements of the UK GDPR/Data Protection Act 2018? (4)

Answer 12

• Obligation to conduct data protection impact assessments for high-risk holding of data
• Data controller decides how and why personal data is processed and is directly responsible for GDPR
• ‘Data Accountability’ ensures that organisations can prove to the ICO how they comply with the new regulations
• Data security breaches need to be reported to the ICO within 72 hours where there is a loss of personal data and a risk of harm to individuals

Question 13

What is the Freedom of Information Act 2000? (2)

Answer 13

• Give individuals the right of access to information held by public bodies
• Public body is required to supply it within 20 working days

Question 14

Are there any exemptions to the Freedom of Information Act 2000? (2)

Answer 14

• Contrary to GDPR requirements
• It would prejudice a criminal matter under investigation

Question 15

What is a Non-Disclosure Agreement (NDA)

Answer 15

A legally enforceable contract between two parties relating to sensitive information

Question 16

How does your office keep its data secure?

Answer 16

• Regular backups of the site (daily)
• Passwords change every 60 days

Question 17

What is included in an NDA? (5)

Answer 17

• Parties
• Definition of what is deemed confidential
• Scope of confidentiality
• Exclusions of confidentiality
• Signatures

Question 18

Who is bound by an NDA? Just the signatory or the whole company?

Answer 18

Whole company

Question 19

What are the different types of data structures? (2+3+3)

Answer 19

Split into:
- Linear structures e.g. array, linked list, stack, and;
- Non-linear structures e.g. trees, graphs, and tries

Question 20

How can you keep a confidential folder safeguarded? (3)

Answer 20

• Clean desk policy
• Password and encrypted files
• Label clearly what is confidential

Question 21

How do you ensure accuracy in your data records? (4)

Answer 21

• Regular data audits
• Training and Education
• Data source verification
• Restrict the number of users

Question 22

Can you give an example of any negatives you have experienced with more tech software methods of data management? (2)

Answer 22

• Need for skilled personnel
• Costs

Question 23

Where do you store your client data?

Answer 23

• External hard drives
• Password-protected filing system

Question 24

Does it make a difference whether a file/folder contains personal data or purely company data?

Question 25

What is typically included within an NDA? (4)

Answer 25

• Definition of confidential information
• The parties
• The terms and durations
• Consequences of a breach

Question 26

How does a virtual data room comply with GDPR rules?

Answer 26

• Only certain people can have access
• Confidentiality obligations on those who gain access to these rooms

Question 27

How do you shut down a data room securely?

Answer 27

I would contact my company’s service desk to ensure it is shut down in a secure manner

Question 28

How do you set up a data room? (5)

Answer 28

• Choose the best data room software
• Identify the structure
• Add users and permissions
• Create an NDA
• Organise documents and files

Question 29

What is the timeline for reporting a data breach to the ICO?

Answer 29

72 hours