Data Management Flashcards
What are the GDPR consumer rights?
A - Access
C - Consent
C - Correction
E - Erasure
P - Data Portability
ACCEP
(Accep your rights)
What regulation governs laws on data protection and privacy?
UK General Data Protection Regulation 202
Article 5 of GDPR requires that personal data should be what? Name at least 3
Processed lawfully, fairly and in a transparent manner (PLT)
Adequate, relevant, and limited to what is necessary
Collected for specified explicit and legitimate purposes
Kept in a form that permits identification of data for no longer than is necessary
Accurate and kept up to date, where necessary
Processed in a manner that ensures appropriate security of personal data.
PACKAP
What is the maximum GDPR fine set by UK GDPR and DPA 2018?
17.5 Million or 4% of annual global turnover (whichever is higher).
Data offences can be punished by what? Name two (excluding fines).
Warnings
Temporary or permanent ban on data processing
Restriction or erasure of data
Suspend data transfers to third party countries.
What is DPA 2018?
Data Protection Act 2018
UK’s implementation of GDPR
Are you aware of the Freedom of Information Act 2000?
Yes, it provides the public with access to information held by public authorities.
How do FOI Act 2000 requests work?
Must be in writing
What security measures can you use to protect data?
Password protection
Security markings
Physically locking storage units
Encryption, firewalls
Two factor authentication
What best practices would you encourage in terms of managing data?
Cross reference computer with hard copy
Back up IT systems
Write once, read many times
Keep an audit trail
Ensure electronic signatures cannot be altered (send PDFs, not Word).
Tell me what you know about GDPR
General Data Protection Regulation
Article 5 sets out the consumer rights which includes the right to be informed, right to access, right to erase, right to correct and right to withdraw consent.
Applies to the VOA – right to correct is something we actively do in the Check stage of CCA and in Form of return where personal data is explicitly collected.
What is the definition of personal data?
Personal data is any information that relates to an identified or identifiable person.
What is encryption/firewalls/blockchain?
Encryption is a means of securing data by encoding it mathematically such that it can only be read, or decrypted, by those with the correct key or cipher.
A firewall is a network security device that monitors traffic to or from your network. It allows or blocks traffic based on a defined set of security rules.
A blockchain is a digitally distributed, decentralized, public ledger that exists across a network.
Tell me about how you extract data from a source regularly used in your role
Internal database – CDB for rental information
Set parameters for data to refine prior to download
Use filters in Excel to refine the data to what I need
What is an electronic document management system (EDMS)?
A software package designed to manage electronic information and records within an organisation’s workflow.
Give me an example of how you ensure that data is kept securely.
Permission levels, back up systems, sensitive tag
How do you validate information?
Cross check with another source
Call to get further information / confirm details
Adopt a common sense approach
What are the pros/cons of primary data sources?
Pros
Greater control (type of data, design, method)
May be more accurate
Cons
Expensive (may make it more difficult)
Time consuming