Data Management Flashcards
What are the principles set out in Article 5 of the UK GDPR?
LS MAPS
Lawful
Securely Processed
Data Minimisation
Accurate
Purpose Limitation
Storage Limitation
Article 5:
Processed lawfully, fairly, and in a transparent manner.
Collected for specified, explicit, and legitimate purposes.
Adequate, relevant, and limited to necessity.
Accurate and, where necessary, kept up to date.
Kept in a form that permits identification for no longer than is necessary.
Processed in a way that ensures appropriate security.
Accountability: the data controller is responsible for, and must be able to demonstrate, compliance with the principles.
What is the purpose of UK GDPR?
- Aims to create a single data protection regime.
- Empowers individuals to take control over how their data is used.
- Rights to be informed of how data is being used.
When should a data breach be reported?
A personal data breach that is likely to result in a risk to individuals' rights and freedoms must be reported to the ICO without undue delay and within 72 hours of becoming aware of it. If the breach is likely to result in a high risk to individuals, the affected individuals must also be informed without undue delay.
What is the ICO?
Information Commissioner's Office (the UK's data protection regulator).
What is the maximum fine under the UK GDPR?
Up to £17.5 million or 4% of annual global turnover, whichever is higher.
What are examples of data security measures?
- Disk encryption.
- Regular back up of data.
- Password protection.
- Anti-virus software.
- Firewalls.
- Disaster recovery procedures.
- Two-factor authentication.
Explain how your data storage system keeps data secure.
- Limited access to SharePoint.
- Deleted data is retained in a separate location (a recycle bin) for 30 days, so it can be recovered if it was deleted by mistake.
- An audit trail records who entered or changed data and when.
- Classification of documents and emails.
- Password protected.
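The controls listed above (limited access, a 30-day recycle bin, a who-and-when audit trail, document classification) can be modelled together in a small document store. The following Python is an added illustration, not code from the original flashcards or from SharePoint; the permission table, the 30-day retention window, the document names and the timestamps are all constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Set, Tuple

# Assumed recycle-bin retention, matching the "30 days" on the flashcard.
RETENTION = timedelta(days=30)


@dataclass
class Document:
    name: str
    classification: str  # e.g. "Internal" or "Confidential" (assumed labels)
    content: str
    deleted_at: Optional[datetime] = None  # set on soft delete, cleared on restore


class DocumentStore:
    """Toy store with per-user access lists, soft delete + retention, and an audit log."""

    def __init__(self, permissions: Dict[str, Set[str]]):
        self.permissions = permissions  # user -> names of documents they may access
        self.docs: Dict[str, Document] = {}
        # Audit trail: (when, who, action, document). Every state change is recorded.
        self.audit: List[Tuple[datetime, str, str, str]] = []

    def _log(self, user: str, action: str, name: str, now: datetime) -> None:
        self.audit.append((now, user, action, name))

    def _check(self, user: str, name: str) -> None:
        # Deny by default: a user not listed for this document gets nothing.
        if name not in self.permissions.get(user, set()):
            raise PermissionError(f"{user} may not access {name}")

    def put(self, user: str, doc: Document, now: datetime) -> None:
        self._check(user, doc.name)
        self.docs[doc.name] = doc
        self._log(user, "put", doc.name, now)

    def get(self, user: str, name: str, now: datetime) -> Document:
        self._check(user, name)
        doc = self.docs.get(name)
        if doc is None or doc.deleted_at is not None:
            raise KeyError(name)  # deleted documents are invisible to normal reads
        self._log(user, "get", name, now)
        return doc

    def delete(self, user: str, name: str, now: datetime) -> None:
        self._check(user, name)
        self.docs[name].deleted_at = now  # soft delete: content kept for RETENTION
        self._log(user, "delete", name, now)

    def restore(self, user: str, name: str, now: datetime) -> Document:
        self._check(user, name)
        doc = self.docs[name]
        if doc.deleted_at is not None and now - doc.deleted_at > RETENTION:
            raise KeyError(f"{name} is past its retention window")
        doc.deleted_at = None
        self._log(user, "restore", name, now)
        return doc

    def purge(self, now: datetime) -> List[str]:
        """Permanently remove documents whose 30-day recycle-bin window has expired."""
        expired = [n for n, d in self.docs.items()
                   if d.deleted_at is not None and now - d.deleted_at > RETENTION]
        for n in expired:
            del self.docs[n]
            self._log("system", "purge", n, now)
        return expired


def demo() -> dict:
    """Walk through delete, in-window restore, out-of-window purge and a denied read."""
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed timestamp
    store = DocumentStore({"alice": {"report.docx"}, "bob": set()})
    store.put("alice", Document("report.docx", "Confidential", "valuation figures"), t0)
    store.delete("alice", "report.docx", t0 + timedelta(days=1))
    restored = store.restore("alice", "report.docx", t0 + timedelta(days=10)).content
    store.delete("alice", "report.docx", t0 + timedelta(days=11))
    purged = store.purge(t0 + timedelta(days=42))  # 31 days after deletion: gone for good
    try:
        store.get("bob", "report.docx", t0)
        bob_denied = False
    except PermissionError:
        bob_denied = True
    return {
        "restored": restored,
        "purged": purged,
        "bob_denied": bob_denied,
        "actions": [action for _, _, action, _ in store.audit],
    }


if __name__ == "__main__":
    print(demo())
```

The two details worth noticing are that the restore path checks the retention window (otherwise the recycle bin silently becomes indefinite storage, which conflicts with storage limitation), and that the permission check runs before the audit entry is written, so a denied read is refused rather than recorded as a successful access.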
What is a data controller?
Determines the purposes and means of processing personal data.
This can be a single controller or joint controllers.
What is a data processor?
Processes the personal data on behalf of the data controller.
What legislation is relevant to data management?
Data Protection Act 2018, which sits alongside the UK GDPR; the Freedom of Information Act 2000 for information held by public authorities.
What are the individual rights under UK GDPR?
- Informed
- Access
- Rectification
- Erasure
- Restrict Processing
- Data Portability
- Object
- Rights in relation to automated decision making, including profiling
What is the Freedom of Information Act 2000?
Gives the public a right of access to information held by public authorities.
What are examples of exemptions from an FOI request?
- Personal data.
- Matters of national security.
Note: an FOI request must be made in writing.
Within how many days must a public authority respond to an FOI request?
20 working days.
What is personal data?
Any information relating to an identified or identifiable living individual, e.g. name, gender, location data, or factors specific to their cultural, social or economic identity.
What are the benefits of a cloud-based storage system?
- Data is backed up on the provider's servers, with encryption at rest where the provider offers it.
- Access permissions can be managed centrally through online settings.
- Cloud is often cheaper than storing hard copy files.
- Convenient to send and share files online.
- Environmentally friendly.
- Multiple users can access the same documents.
- Collaboration on documents.
What is the meaning of a non-disclosure agreement?
- Non-disclosure agreements are used to protect against the disclosure or sharing of any confidential data.
- Clients will typically request that the recipient signs an NDA.
- Used when confidential, sensitive, innovative or intellectual property information is being shared to prevent this information being used by competitors.
If two separate departments within your firm were working for rival companies, how would you ensure client sensitive data was managed?
- Make client aware of the risks.
- Conflict of interest checks.
- Obtain a written instruction from the client to continue.
- Methods of managing this would include NDAs, single lines of communication to client, separate working locations (information barriers), secure storage of data.
Who are the key persons outlined within GDPR?
Data Controller - natural person or legal entity that determines the purposes and means of the processing of personal data.
Data Processor - processes personal data on behalf of the controller.
What things must companies put in place to ensure GDPR compliance?
- Raise awareness across your business.
- Audit all personal data.
- Update your privacy notice.
- Review your procedures supporting individuals’ rights.
- Identify and document your legal basis for processing personal data under the GDPR.
- Review how you seek, obtain and record consent.
How is data managed and protected in your firm?
- Secure document storage.
- Back up of documents.
- Sharing/confidentiality of documentation.
- Common data standards.
- Formatting/standardising reports.
- Data sharing with internal and external teams.
- Paper form/digital form.