Data Management

Question 1

How can data be kept secure?

Answer 1

Regularly changing passwords
Firewalls
Encryption
Virus protection
Two-step verification
Backing up data

Question 2

What are the benefits of cloud based storage?

Answer 2

Securely backed up
Accessibility can be managed
Cheaper than physical storage
Easier to collaborate on documents

Question 3

What is an NDA?

Answer 3

An NDA is an agreement that prevents the disclosure of confidential data.

Question 4

When may an NDA be used?

Answer 4

If confidential, sensitive or intellectual property information is involved. Can be used to prevent competitors from accessing it

Question 5

What is Intellectual Property?

Answer 5

It refers to creations of the mind and is protected in law to enable creators to earn recognition and financial rewards

Question 6

What is Copyright?

Answer 6

The right a creator has over their work.
Automatically given to creators and prevents others from copying, sharing or distributing their work without permission

Question 7

What is a Trademark?

Answer 7

A sign that distinguishes one brand from another.
Must be registered for a fee.
Prevents others from using the brand without permission
Allows creator to sell and license their brand and use trademark symbol

Question 8

What is a Patent?

Answer 8

An exclusive right for an invention
Complicated application process that incurs a fee
Can only be used for something new, inventive and a physical product or technical method/process

Question 9

What types of data does your organisation handle?

Answer 9

Personal data of employees and customers
Property information
Sensitive and confidential emails/files
Contractual information of companies

Question 10

Which public authority upholds the information rights in the UK?

Answer 10

The Information Commissioners Office (ICO)

Question 11

What is the UK’s implementation of the GDPR?

Answer 11

The Data Protection Act 2018

Question 12

What does GDPR stand for?

Answer 12

General Data Protection Act

Question 13

Who does the GDPR apply to?

Answer 13

Data controllers and processors

Question 14

What is a Data Controller?

Answer 14

The entity that determines the purpose and meaning of processing personal data

Question 15

What is a Data Processor?

Answer 15

The entity that processes the data on behalf of the controller

Question 16

What is personal data?

Answer 16

Information that can be used to directly or indirectly identify the person, or data subject, to whom the information relates

Question 17

What is a Data Protection Officer (DPO)?

Answer 17

Inform and advise the controllers and processors of their obligation

Monitor the controllers and processors

Advise on Data Protection Impact Assessments (DPIA)
Act

Act as a contact point between data subjects and ICO, where necessary

Question 18

When is a DPO required?

Answer 18

Under Article 37:
Public bodies
Organisations handling certain types of data
Organisations handling large amounts of data

Question 19

What are the principles of GDPR?

Answer 19

Article 5:

Lawfulness, fairness, transparency
Purpose limitation
Data minimisation
Accuracy
Storage limitation
Integrity and confidentiality
Accountability

Question 20

What rights do the GDPR provide?

Answer 20

Articles 15-22:

Right to be informed
Right of access
Right to rectification
Right to erasure
Right to restrict processing
Right to data portability
Right to object
Rights relating to automated decision making & profiling

Question 21

What are the lawful bases for processing personal data?

Answer 21

Article 6:

Consent
Contract
Legal obligation
Vital interests
Public task
Legitimate interests

Question 22

What is the time limit for reporting GDPR data breaches?

Answer 22

72 hours

Question 23

What is the standard maximum for a GDPR breach fine?

Answer 23

Higher of 2% worldwide annual turnover or £8.7m

Question 24

What is the higher maximum for a GDPR breach fine?

Answer 24

Higher of 4% worldwide annual turnover or £17.5m

Question 25

What is the FOIA?

Answer 25

It gives the public the right to access information held by public authorities

Requires public authorities to publish certain information about their activities

Question 26

What information does FOIA cover?

Answer 26

Recorded information held by public authorities, such as files, letters, sound/video recordings, photos etc.

Question 27

Does FOIA give people access to personal data?

Answer 27

No

Question 28

What should someone requesting personal data about themselves do?

Answer 28

Make a Subject Access Request under the DPA 2018

Question 29

What are the principles of the FOIA?

Answer 29

Everyone has a right to access official information - presumption in favour of disclosure
No reason required for request
Requests and requesters treated equally

Question 30

What duties does the responder have to an FOI request?

Answer 30

Inform requester if information is held and provide that information

Question 31

What is the time limit for dealing with an FOI request?

Answer 31

Section 20 - 20 working days

Question 32

What does an FOI request need to be valid?

Answer 32

It must be in writing
Applicants real name
Address that the applicant can receive correspondence to
Description of information required

Question 33

When can an FOI request be refused?

Answer 33

It would cost too much or take too long to deal with
The request is vexatious
It is a repeat of a request from the same person

Question 34

When can information be withheld under FOIA?

Answer 34

Part II of the FOIA lists the exemptions

Question 35

What does CRCA stand for?

Answer 35

Commissioners for Revenue and Customs Act

Question 36

What is the CRCA?

Answer 36

It is an Act that established HMRC and sets out their statutory functions, as well as imposing a statutory duty of confidentiality

Question 37

What impact does the CRCA have?

Answer 37

All information held by the organisation is covered by the duty of confidentiality and can only be disclosed in one of the circumstances stated in section 18

Question 38

What happens if information is wrongly disclosed under CRCA?

Answer 38

Section 19 makes wrongful disclosure a criminal offence. Disciplinary action at work will also been imposed.

Question 39

Are there time limits for dealing with a CRCA request?

Answer 39

Not in the act. Each department will have a policy