Data Management

Question 1

What does GDPR stand for?

Answer 1

General Data Protection Regulation

Question 2

What is GDPR?

Answer 2

• A new data protection law which came into force on 25th May 2018, replacing the Data Protection Directive.
• Changes to existing data protection law across the EU and include significantly greater fines for data breaches.
• Gives people more control over their data & to know what info. is held about them.
• To secure personal information online & ensure personal info. is handled properly.

Question 3

How does the Act work?

Answer 3

The Act works in 2 ways:
i. Stating that anyone who processes personal data must comply with 8 principles, which makes sure personal info. is:
1. Fairly & lawfully processed
2. Processed for limited purposes only
3. Adequate, relevant and not excessive
4. Accurate & up to date
5. Not kept longer than necessary
6. Processed within your rights
7. Secure
8. Not transferred to other countries without adequate protection
ii. Provides individuals with rights.

Question 3

Who deals with complaints?

Answer 3

ICO

Question 4

What are the rights of the individual?

Answer 4

• Data access – right to validate lawful processing of their personal data
• Date rectification – can request that access to their personal data is suspended or restricted in some cases
• Data portability – right to request their personal data is provided in a structured and readable format
• Right to erasure – the right for the data subject to request that their data is deleted
• Right to object –can object to the processing of their data

Question 5

FoI Act 2000 key principles

Answer 5

6 key principles
1. Maximum disclosure
2. Publish key information
3. Promote open government
4. Exceptions narrowly drawn
5. Processed rapidly and fairly
6. Minimum cost

Question 5

What is the level of fines?

Answer 5

£20 million or 4% of annual turnover

Question 6

What are the key principles of GDPR?

Answer 6

• Fairness & transparency
• Data minimisation
• Purpose & storage limitation
• Accuracy
• Security

Question 7

Aim of the FoI Act

Answer 7

1. Improve accountability
2. Promote transparency
3. Make data open

Question 8

Requirements for an FoI request

Answer 8

1. be submitted in writing
2. State full name of the applicant
3. Provide suitable address for correspondence

Question 9

TfL may refuse request if?

Answer 9

Estimated cost exceeds £450, based on 18 man hours

Question 10

Deadline for response is?

Answer 10

20 working days

Question 11

What do you have to do if there is a breach of GDPR?

Answer 11

72 hours to report to the ICO

Question 12

What is ISO9001?

Answer 12

an international standard that sets out the requirements for a quality management system.

Question 13

7 Principles of ISO9001?

Answer 13

1. Engagement of people
2. Customer focus
3. Leadership
4. Process approach
5. Improvement.
6. Evidence-based decision making.
7. Relationship management

Question 14

ISO27001 is….?

Answer 14

an international standard to manage information security