Data Management Flashcards
What is ICO?
Information Commissioner's Office
What does ICO do?
All companies processing personal information must register with the ICO under the Data Protection Act 1998
What is the Data Protection Act 2018?
Gives people the right to know how the government and other organisations store information about them
UK implementation of GDPR
What are the 7 key principles to GDPR?
Lawfulness, fairness and transparency
Purpose limitation
Data minimisation
Accuracy
Storage limitation
Integrity and confidentiality (security)
Accountability
Define confidentiality?
Confidence to share but not without permission
What is metadata?
Information regarding specific data such as planning documents
Includes author, dates, rules size
Not to be shared
What is intellectual property and copyright?
Controlled use and ownership of information
E.g. employees' work is owned by the employer unless copyright
Licence provided to use and reproduce
What is Freedom of Information Act 2005?
Controls access to official information
Public right to access information held by public authorities
All information held
Overseen by the Information Commissioner's Office
How to use a cloud based storage system and benefits?
Backs up on encrypted servers
Online access
Cheap
Enables sharing
Environmentally friendly
Multi users permitted
Documents and folders synchronised
What is an NDA?
Non-disclosure agreement
Protects disclosure and sharing of data
Prior to sharing data an agreement is reached
What is the Data Protection Act 2018?
Replaces 1998 legislation for managing personal data
UK legalisation of EU General Data Protection Regulations
What are the principles for Data Protection Act 2018?
Ensures data is:
- used fairly, lawfully and transparently
- used for purpose
- only retained when necessary
- processed securely
What are your personal rights under Data Protection Act 2018?
Right to:
- be informed on the use
- right to access
- right to be updated
- right to erase
- right to stop/restrict
- right to portability
- right to object to use
What are the key persons of GDPR?
Controller - determines purpose and means of processing
Processor - processes on behalf of controller
Data protection officer - required by EU GDPR
What is a data protection officer?
Required by EU under GDPR
Process EU citizens' data
Oversee the approach, strategy and implementation
Types of data used?
Guidance notes
Contracts
Tenders
Cost plan
Valuation data
Journals
Subcontractor information
How to ensure compliance with Data Protection Act 2018?
Non-disclosure agreement for confidential information
Lockable storage
Password protection
Encryption
Consent
How do companies ensure compliance?
Only retain data needed
Inform person of use and advise why
Store securely
Delete when not needed