Data Management Flashcards
What is ICO?
Information Commissioner Office
What does ICO do?
All companies processing personal information must register with ICO under Data Protection 1998
What is the Data Protection Act 2018?
Gives people to the right to know how the government and other organisations store information about you
UK implementation of GDPR
What are the 7 key principles to GDPR?
Lawfulness, fairness and transparency
Purpose limitation
Data minimisation
Accuracy
Storage limitation
Integrity and confidentiality (security)
Accountability
Define confidentiality?
Confidence to share but not without permission
What is meta data?
Information regarding specific data such as planning documents
Includes author, dates, rules size
Not to be shared
What is intellectual property and copyright?
Controlled use and ownership of information
E.g employees work is owned by the employer unless copyright
Licence provided to use and reproduce
What is Freedom of Information Act 2005?
Controls access to official information
Public right to access information held by public authorities
All information held
Overseen by Information Commissioners Office
How to use a cloud based storage system and benefits?
Backs up on encrypted servers
Online accesss
Cheap
Enables sharing
Environmentally friendly
Multi users permitted
Documents and folders synchronised
What is an NDA?
Non-disclosure agreement
Protects disclosure and sharing of data
Prior to sharing data an agreement is reached
What is the Data Protection Act 2018?
Replaces 1998 legislation for managing personal data
Uk legalisation of EU General Data Protection Regulations
What are the principles for Data Protection Act 2018?
Ensures data is:
- used fairly, lawfully and transparently
- used for purpose
- only retained when necessary
- processed securely
What are your personal rights under Data Protection Act 2018?
Right to:
- be informed on the use
- right to access
- right to be updated
- right to erase
- right to stop/restrict
- right to portability
- right to object use
What are the key persons of GDPR?
Controller - determines purpose and means of processing
Processor - processes on behalf of controller
Data protection officer - required by EU GDPR
What is a data protection officer?
Required by EU under GDPR
Process EU citizens data
Oversee the approach, strategy and implementation
Types of data used?
Guidance notes
Contracts
Tenders
Cost plan
Valuation data
Journals
Sub contractor information
How to ensure compliance with Data Protection Act 2018?
Non-disclosure agreement for confidential information
Lockable storage
Password protection
Encryption
Consent
How do companies ensure compliance?
Only retain data needed
Inform person of use and advise why
Store securely
Delete when not needed
Outline what GDPR is?
Correction = change data
Portability = transfer
Evasive = delete
Access = know what is collected and how
Consent = consumer informed
What are the principles of Article 5 of GDPR?
Personal data shall be:
- processed lawfully, fairly and transparently
- collected for legitimate purpose
- relevant and limited to what it is necessary in related to
- kept up to date and accurate
- kept securely to identify data no longer necessarily for purpose
- processed to ensure security
Types of communication?
Graphs
Photos
Schedules
Maps
Property reports
Data storage
Benchmarking
Security
Input data = property records
Output data = rental info
Cycle of documents?
Compose
Capture
Review
Approve
Retrieve
Archive
What is personal data?
Under Uk GDPR Article 4:personal data is information relating to an identified or identifiable natural person
Name
Identification number
Location data
Online identifier
What are the fines for non-compliance with GDPR?
4% of annual global turnover or 20m
Types of data source
Primary - time consuming and expensive
Secondary - not as reliable
How to handle 2 departments within one firm acting for two rival firms need to ensure management of data?
- ensure client is aware and informed
- conflicts of interest
- obtain letter of instruction
- exclusive staff access
- NDA
- separate working in different locations
- documents and data store separately
What can companies put in place to ensure GDPR compliance
Raise awareness across staff
Audit personal data
Update privacy notice
Review procedures
Identify and document legal basis for processing data
Review how you seek, obtain and record consent
How do Coop manage and protect data?
Secure storage
Back up documents
Sharing/confidentiality of documents
Common data standards
Formatting/standardising reports
Data sharing with internal/external teams
Paper form/ digital
What does it mean to be GDPR complaint?
Requirement for business to protect personal data and privacy of EU citizens
How long does Lincolnshire Coop hold data?
7 years from end of relatiohip
What is ISO27001?
International information Security Standard which outlines requirements for how a company should implement an information security management system.
This a governance framework for activities that allows a company to manage its information security risks
What is data?
Raw facts
Unorganised
Primary
Basic inputs
What is information?
Organised data which has been processed and structured
Secondary
Why collect data?
As a record
Obtain information
Make decisions
Pass on
Types of data?
Cost data
Market prices
Material costs
Budgets
Cash flows
What is internal data?
Owned by company
What is external data?
Stats
Market information
How to protect data?
Access restrictions
Password
Scan, save, shred
Back up
Firewalls
Anti virus
Principles of data management
Data is:
An asset
Shared
Accessible
Secure
Not duplicate
Fit for purpose
Data management process
Collection
Share
Store
Access
Reassign
Delete
What is tacit knowledge?
Knowledge gained through experience
What is EDMS
Electronics document management system
Benefits of EDMS?
High security
Data retrieval easier
Time save
Effective control
Share information
Disadvantage of EDMS
Higher cost
Specialist training
Online security
Complex use
System errors
Advantage/disadvantage of traditional management systems?
Adv - less cost, no specialist training, simple and user friendly, no online threat
Disadvantage - staff to upload, high cost, paper waste, time consuming, more space needed