DATA MANAGEMENT Flashcards
Define Personal data
Personal data is information relating to an identified or identifiable living
What data management acts are there that you need to be aware of?
GDPR
DPA 2018
What is Data Protection
How our personal and sensitive data is stored, collected and used
What is GDPR
General Data Protection Regulations
A set of data protection rules created under EU Law and Regulation
Who are the key personnel under GDPR
a. Data Processor - The person who processes the data on behalf of the controller
b. Data Controller - The natural person who determines the purpose and means of processing personal data
c. Data Protection Officer - Leadership role employed
What are the principles of GDPR/principles of data
Lawful, fair and transparent
Purpose Limitation
Minimisation
Accuracy
Storage Limitation
Security and Integrity
Accountability
What are the individual rights under GDPR
There are 7 principles
a. The right to be informed.
b. The right of access.
c. The right of rectification.
d. The right to erasure.
e. The right to restrict processing.
f. The right to data portability.
g. The right to object.
h. Rights of automated decision making and profiling
What is the DPA 2018
Data Protection Act 2018
It is the UK implementation of the GDPR
It manages how personal data is stored and managed by organisations
What are the key principles of the DPA 2018
It ensures data is
a. Used fairly, transparently and lawfully
b. Used only for the purpose that it’s intended
c. Not retained longer than necessary
d. Processed securely
What are individuals' rights under the DPA 2018
People have the right to
a. Be informed about how their data is being used
b. Have access to their data
c. Have incorrect data updated
d. Have data erased
e. Object to their use of data
How do companies ensure compliance with DPA 2018
They should only retain data they need
People need to be kept informed
Data should be held securely
Delete information that’s not necessary
What is an NDA
Non-disclosure agreement
They prevent confidential information being shared, except by those who have signed the NDA
What must be done if information is mishandled
It must be reported to the ICO (Information Commissioner’s Office) within 72 hours of discovery
What is the penalty for not abiding by the GDPR?
Up to 20m Euros or 4% of the previous year's turnover (whichever is higher)