Data Management Flashcards
What are the main laws governing personal data in the UK?
The Data Protection Act 2018 and the UK GDPR
Why does data regulation exist?
To protect people’s personal information and to give individuals rights over how their data is collected and used
What do you do to ensure you comply with regulation?
I ensure I complete training on data/cybersecurity
I ensure I comply with GDPR
I am thorough and accurate in my data processes
I keep data up to date and relevant
What does your firm do to ensure compliance with regulation?
We have an internal compliance director who is the go-to for all questions/issues
We have regular internal training
We ensure our databases comply with GDPR
We keep records for 6 years, or 15 if necessary
What did you do to ensure your client database complied with regulation?
We ensure data is:
accurate
up to date
necessary to keep
only kept for the amount of time it is required
secure
What do you do to ensure your internal comparable database complies with regulation?
We ensure data is:
accurate
up to date
necessary to keep
only kept for the amount of time it is required
secure
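The retention cards above (records kept for 6 years, or 15 where justified, and data "only kept for the amount of time it is required") describe the storage-limitation principle as a policy. The following is an added example, not part of the original flashcards, showing what enforcing that policy over a database looks like: each record carries the date it was last needed for its purpose, the 6- and 15-year figures come from the cards, and the record layout, the `extended_retention` flag that marks a justified 15-year case and the sample dates are assumptions made for the demonstration.

```python
"""Storage-limitation sweep: which records have passed their retention period.

Added example, not from the original flashcards. Retention figures (6 years
by default, 15 years where justified) follow the cards above; the record
layout, the `extended_retention` flag and all dates are assumptions.
"""
from dataclasses import dataclass
from datetime import date


@dataclass
class Record:
    client: str
    last_needed: date                 # last date the data was required for its purpose
    extended_retention: bool = False  # justified 15-year case (assumed flag)


def retention_limit_years(record):
    """6 years by default, 15 where the extended retention is justified."""
    return 15 if record.extended_retention else 6


def retention_expiry(record):
    """Date on which the record must be deleted or anonymised.

    Adding years to 29 February lands on a day that does not exist in a
    non-leap year; fall back to 28 February rather than crash the sweep.
    """
    years = retention_limit_years(record)
    target_year = record.last_needed.year + years
    try:
        return record.last_needed.replace(year=target_year)
    except ValueError:
        return record.last_needed.replace(year=target_year, day=28)


def sweep(records, today):
    """Classify records as of `today`: expired ones to dispose of, the rest to keep."""
    result = {"dispose": [], "keep": []}
    for record in records:
        bucket = "dispose" if retention_expiry(record) <= today else "keep"
        result[bucket].append(record.client)
    return result


# Constructed sample data, not real clients.
SAMPLE_RECORDS = [
    Record("Client A", date(2017, 3, 1)),                            # expires 2023-03-01
    Record("Client B", date(2019, 6, 15)),                           # expires 2025-06-15
    Record("Client C", date(2012, 2, 29), extended_retention=True),  # expires 2027-02-28
    Record("Client D", date(2008, 1, 10), extended_retention=True),  # expires 2023-01-10
]

# Fixed "today" so the demonstration is reproducible (assumption).
TODAY = date(2024, 1, 1)

if __name__ == "__main__":
    for action, clients in sweep(SAMPLE_RECORDS, TODAY).items():
        for client in clients:
            print(f"{action}: {client}")
```

The sweep only reports; whether an expired record is deleted outright or anonymised (so the remaining data no longer identifies the individual) is a decision the firm's retention policy has to make, and the outcome should be logged so the disposal can be demonstrated later under the accountability principle.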
How do you ensure information is correct?
(internal database)
I always seek to confirm details with agents
If I am using information from the database, I will confirm with the individual who input it where the data came from, whether it has been confirmed, etc.
Who governs data regulation in the UK?
ICO - Information Commissioner’s Office (the UK’s independent data protection regulator)
What are data security measures you can take?
Disk encryption – encrypting the whole drive so its contents are unreadable without the key if the device is lost or stolen
Regular off-site backups (tested so they can actually be restored)
Cloud storage (the provider handles physical security; access controls and sharing settings remain your responsibility)
Password protection and access controls (strong, unique passwords, never stored or shared in plain text)
Anti-virus software
Firewalls
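"Password protection" in the list above is only as strong as the way the password is stored by whatever is checking it. The block below is an added example, not code from the original flashcards: it shows the unsafe pattern (an unsalted hash, which lets an attacker who copies the database recognise reused passwords and use precomputed tables) next to the standard-library form a practitioner would use, a salted, deliberately slow PBKDF2-HMAC-SHA256 hash verified with a constant-time comparison. The record format and the iteration count are choices made for this example.

```python
"""Password protection that never stores the password itself.

Added example, not from the original flashcards. Standard library only.
`weak_hash` is the anti-pattern; `hash_password`/`verify_password` is the
hardened form. Record format and iteration count are this example's choices.
"""
import hashlib
import hmac
import secrets

# Work factor: slows offline guessing on a copied database. 600,000 is the
# order of magnitude recommended for PBKDF2-HMAC-SHA256 at the time of writing.
ITERATIONS = 600_000


def weak_hash(password):
    """Anti-pattern: unsalted, fast hash. Identical passwords give identical
    values, so a leaked table reveals reuse and yields to precomputed tables."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password, iterations=ITERATIONS):
    """Return a self-describing record: algorithm$iterations$salt$digest.

    A fresh random salt per password means two users with the same password
    get different records, and the iteration count is stored so it can be
    raised later without breaking existing records.
    """
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute the hash with the stored salt/iterations and compare in
    constant time. Malformed records are rejected rather than raising."""
    try:
        algorithm, iterations, salt_hex, digest_hex = stored.split("$")
        if algorithm != "pbkdf2_sha256":
            return False
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
        )
        # compare_digest avoids leaking how many leading bytes matched via timing.
        return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))
    except (ValueError, TypeError):
        return False


if __name__ == "__main__":
    # Constructed demonstration values, not real credentials.
    record = hash_password("correct horse battery staple")
    print("stored record:", record)
    print("right password accepted:", verify_password("correct horse battery staple", record))
    print("wrong password rejected:", not verify_password("Correct horse battery staple", record))
    print("weak hashes collide for reused passwords:", weak_hash("hunter2") == weak_hash("hunter2"))
```

The same principle applies to a password-protected spreadsheet or archive: if the tool stores the password or a fast unsalted hash of it, "password protection" is only a label, and the control that actually protects the data is encryption keyed from that password.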
Can you sum up GDPR/Data Protection Act?
GDPR was introduced to give individuals rights over what data organisations can hold about them and how it is used.
Seven key principles:
Lawfulness, fairness and transparency – processed lawfully, fairly and in a transparent manner
Purpose limitation – collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes
Data minimisation – adequate, relevant and limited to what is necessary
Accuracy – accurate and, where necessary, kept up to date
Storage limitation – kept in a form that identifies individuals for no longer than is necessary
Integrity and confidentiality – appropriate security against unauthorised or unlawful processing, accidental loss, destruction or damage
Accountability – organisations are responsible for, and must be able to demonstrate, compliance
What are the consequences for non-compliance of GDPR?
Fines of up to £17.5 million or 4% of total annual worldwide turnover, whichever is higher (a lower tier of £8.7 million or 2% applies to less serious infringements)
What are the principles of GDPR?
Data must be:
Processed lawfully, fairly and transparently
Collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes (purpose limitation)
Adequate, relevant and limited to what is necessary (data minimisation)
Accurate and, where necessary, kept up to date
Kept in a form that identifies individuals for no longer than is necessary (storage limitation)
Protected by appropriate security (integrity and confidentiality)
What are consumer/people’s rights under the Data Protection Act/GDPR?
Individuals have the following rights:
Right to be informed about how their data is being used
Right of access to the data held about them
Right to rectification (correct or update inaccurate data)
Right to erasure
Right to restrict processing
Right to data portability (obtain their data and reuse it across different services)
Right to object to how their data is processed in certain circumstances
Rights in relation to automated decision-making and profiling
What are the ‘data protection principles’?
Lawfulness, fairness and transparency.
Purpose limitation.
Data minimisation.
Accuracy.
Storage limitation.
Integrity and confidentiality (security)
Accountability.
What about profiling?
Individuals also have rights in relation to profiling and automated decision-making (decisions made solely by automated means, with no human involvement) wherever their personal data is used for it