Data Management Flashcards
What are the individual rights under UK GDPR?
a. Users have the following rights:
i. Right to be informed
ii. Right to access
iii. Right to rectification
iv. Right to erasure
v. Right to restrict processing
vi. Right to data portability
vii. Right to object
viii. Rights to automated decision making and profiling
Who deals with data breaches and when does a breach need to be reported?
a) Data breaches are policed by the Information Commissioner's Office (ICO)
b) A data breach has to be reported within 72 hours of becoming aware of the breach
What are the punishments for breaching DPA 2018?
Can be fined up to 4% of annual worldwide turnover or £17.5m, whichever is greater
Principles of the UK GDPR
The storage of personal data must be:
a) processed lawfully
b) collected for specified, explicit and legitimate purposes
c) adequate, relevant and limited to what is necessary for the purposes for which they are processed
d) accurate and, where necessary, kept up to date
e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed
f) processed in a manner that ensures appropriate security of the personal data
g) Article 5(2) requires that “the controller shall be responsible for, and be able to demonstrate, compliance with the principles.”
Can personal data be kept indefinitely?
a. Yes, if for the following reasons:
i. Archiving purposes in the public interest
ii. Scientific or historical research purposes
iii. Statistical purposes
What is the Freedom of Information Act 2000?
Gives individuals the right of access to information held by public bodies
How do you protect data you receive?
a. Encrypting data
b. Clear desk policy
c. Locking screens when not at desk
d. Regular password updates
e. Anti-virus software
f. Firewalls
g. Disaster recovery procedures
What is copyright?
a. A set of exclusive rights granted to the creator of any original work, including the right to copy
b. These rights can be licensed, assigned or transferred
c. Crown copyright is material created by the government including laws, public records and OS mapping
How can you improve security of data?
a. Firewalls
b. Encryption
c. Passwords
What is a firewall?
Network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules
What is encryption?
The method by which information is converted into secret code that hides the information’s true meaning
How long should you keep records for?
The UK GDPR does not set specific time limits for different types of data. This is up to you, and will depend on how long you need the data for your specified purposes
Are RICS due to release any documentation on Data handling?
Proposed RICS Professional Statement on Data Handling and Prevention of Cybercrime
How would you dispose of sensitive data?
If it was physical, I would dispose of it in the correct disposal bins that are placed around the office that are removed by specialist companies regularly and disposed of
How do you comply with UK GDPR when dealing with mailing lists?
What nature of UK GDPR training have you undertaken at JLL?
What systems does JLL have in place to ensure data security?
What sorts of information can a firm reasonably retain in order to comply with other laws?
Paradise acronym
P: Portability
A: Access
R: Rectification
A: Automated decision
D: Data erase
I: Informed
S: Strict process
E: Exercise right to object (Object)