Data Management Flashcards
What are the 7 principles of GDPR?
- Lawfulness, fairness & transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Accountability
- Confidentiality & integrity (security)
- Storage limitation
What are the levels of fines / sanctions for failing to comply with GDPR?
Lower level: 10 million euros or 2% of annual turnover, whichever is higher.
Higher level: 20 million euros or 4% of annual turnover, whichever is higher.
How would you deal with confidentiality if you were to send data overseas?
Once data is sent to an overseas location, they become the data owners. To avoid this, I would recheck all recipients of emails I am sending, not send sensitive data, or confirm with the client or information owner that it’s OK to send data. Also check local laws.
What are the benefits of good data management?
Streamlined Processes and Increased Efficiency
Better Data Consistency
Easier Data Sharing
Enhanced Privacy and Compliance
Backup and Recovery
Better security
Improved Data Integrity
What is GDPR and how does the UK implement it within the UK?
GDPR (General Data Protection Regulation) is European law around data protection and how your personal data can be used.
The UK introduced the Data Protection Act to implement GDPR within the UK. It controls how businesses, organisations and the government can handle your information.
What is the Data Protection Act 2018?
UK’s way of implementing the GDPR.
The Act ensures data is used fairly, lawfully and transparently, used in a way that is relevant to its purpose and is not retained for any longer than is necessary.
The Act seeks to empower individuals to take control of their personal data and to support organisations with their lawful processing of personal data.
Who are the key people under the GDPR rules?
- Controller - determines the purpose and means of processing the data
- Processor - processes personal data on behalf of controller
- Data Subject - individual whom the data is about
- Data Protection Officer - leadership role required by GDPR for companies who process data of EU citizens
What are the 8 individual rights of GDPR and what do they ensure?
1) To be informed
2) To Access
3) To Rectification
4) To Erasure
5) To Restrict Processing
6) Portability
7) To Object
8) To automated decision making and profiling
How long do you need to keep data for?
6 years if contract is under hand
12 years if contract is signed as a deed
RICS recommends 15 years (in line with legal claims)
What are the benefits of an EDMS?
- Real time updates/sharing
- Access anywhere
- Secure / password protected
- Can add access restrictions to confidential data
What is the Freedom of Information Act 2000?
Provides public access to information held by public authorities
1) Public authorities obliged to publish certain information about their activities
2) Members of the public are entitled to request information from public authorities