Data Management Flashcards
Can you tell me three principles of UK GDPR and the Data Protection Act 2018?
- Lawful, fairness & transparency
- Purpose limitation
- Data minimisation
- Integrity and Confidentiality
- Accountability
- Storage Minimisation
- Accuracy
How do you comply with UK GDPR and the Data Protection Act 2018 in your role?
Explicit Consent must be freely given and informed.
Ensure that you only collect the minimum amount of personal data required for the purpose you are processing it.
Ensure data is kept secure, including by using encryption, strong passwords and two-factor authentication.
What are the key rights under the GDPR?
- To be informed
- Access
- Rectification
- Erasure / forgotten
- Restrict processing
- Data portability
- Object
- Automated decision making
What are the UK GDPR (General Data Protection Regulation 2018) and Data Protection Act 2018?
Replaced Data Protection Act 1988
Incorporates GDPR into UK law, ensuring data protection rules align with EU regulation.
Provides a framework for processing personal data in the UK.
Provides people the right to be informed about how their information is used.
Personal data – info that can identify an individual
Relates to sensitive personal data – data about racial/ethnic origin, political/religious beliefs, sexual orientation.
How do you safely secure data?
- Disk encryption
- Regular backups off site
- Cloud storage
- Password protection & anti-virus software
- Firewalls and disaster recovery procedures
What is a database?
Organised collection of structured information/data
What is copyright?
- Exclusive rights granted to the author/creator of original work – right to copy.
- Can be licensed, assigned/transferred.
- Form of intellectual property
- Crown copyright – refers to all material created/prepared by Government.
What is the Freedom of Information Act 2000?
The right to access information provided by public bodies.
Must supply within 20 working days.
What is Land Registry?
Records and maintains information about land and property ownership.
e.g. title register, title plan, and leases.
What is a title register?
Legal document that provides details about the ownership and legal status of a property or land.
What is a title plan?
Map/diagram that accompanies the title register, outlining the land, location and boundaries within the title.
What is CoStar?
Global data platform for commercial real estate information, analytics and news.
What is an NDA?
Non-Disclosure Agreement - Legally binding contract relating to sensitive information.
If breached, party affected can take legal action and seek damages.
What is a subject access request?
The request used to obtain your personal information from a public authority.
What is personal information?
Information that can identify an individual, directly or indirectly.
How is your data backed up?
Stored remotely in a cloud.
What is the deadline for reporting a data breach of personal data?
72 hours to ICO (Information Commissioner’s Office)
What are the fines for data breaches?
Up to 4% global turnover of the company or up to £17.5 million, whichever is greater.
Policed by ICO.