Data management Flashcards

1
Q

What is GDPR?

A
  1. The GDPR is the new EU regulation covering protection of people's personal data.
  2. Came into force May 2018 - replaced the DPA 1998.
  3. It's designed to protect data in an era of mass digital data use.
  4. Empowers individuals to take control of how their data is used by third parties.
  5. The GDPR is in force across the EU and supersedes data protection laws.
  6. It applies alongside member state laws such as the Data Protection Act 2018 (which is the UK's implementation of GDPR).
2
Q

What are the aims and benefits of GDPR?

A

Put simply, GDPR was designed to give the public more say over which organisations have access to their data and what they do with it. GDPR will apply to personal data. GDPR was aimed at protecting all EU citizens from privacy and data breaches in an increasingly data-driven world that is vastly different from the time in which the 1995 directive was established.

3
Q

What are the key changes (regarding GDPR)?

A

- Increased territorial scope (extra-territorial applicability)
- Increased penalties
- Easier consent for the data provider (easily accessible forms for control of their data)

4
Q

What are the roles in GDPR?

A
  1. Controllers decide how and why personal data is processed (directly responsible for GDPR).
  2. Processors are responsible for processing personal data on behalf of a controller.
5
Q

What is meant by Increased Territorial Scope (extra-territorial applicability) regarding GDPR?

A

GDPR applies to all companies processing the personal data of data subjects residing in the European Union, regardless of the company’s location.

6
Q

What is meant by penalties regarding GDPR?

A

Organisations in breach of GDPR can be fined up to 4% of annual global turnover or €20 million (whichever is greater). This is the maximum fine that can be imposed for the most serious infringements.

7
Q

What is meant by consent regarding GDPR?

A

Companies will no longer be able to use long illegible terms and conditions full of legalese, as the request for consent must be given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent (EUGDPR.ORG Portal, 2018).

8
Q

How would you treat confidential data?

A

I would make sure to follow my company's data protection policy. This includes:
- Locking my computer when away
- Paper-free desk and using my locker for confidential information
- Using a shredder for documents
- Ensuring I categorize my soft copy documents with the correct coding, e.g. public, private and restricted.

9
Q

What is the Data Protection Act?

A

It gives individuals the right to know what information is held about them and provides a framework to ensure that it’s handled properly.

10
Q

What challenges does the Data Protection Act pose?

A

The main challenge is posed by multiple users of the system saving files in incorrect folders, so that retrieval of information can be time-consuming. There are also risks of careless revisions of documents or accidental deletion - although our server is backed up twice daily, so any losses in this respect are mitigated.

11
Q

How do you determine if a document is public, private or restricted?

A

There is a matrix based on the reputation impact, financial impact and legal impact.

12
Q

How is the GDPR relevant in your day to day work?

A
  • I manage high amounts of sensitive data and this needs to be done in line with the Data Protection Act and GDPR.
13
Q

How is the GDPR relevant to the construction industry?

A

Companies should employ a data protection officer, make sure they comply with all data protection policies, and be clear and transparent when talking about data.

14
Q

What is the freedom of information act 2000?

A

The Freedom of Information Act 2000 (FOIA) is a UK Act of Parliament that creates a public 'right of access' to information held by public authorities. There are two ways in which this is provided:
- Public authorities are obliged to publish certain relevant information.
- Members of the public are entitled to request information from public authorities.

15
Q

Is the data protection act superseded?

A

No, the Data Protection Act was updated in 2018 to act as a supplement to the GDPR.

16
Q

What is the Freedom of Information Act 2000?

A
  1. The Act provides individuals or organisations with the right to request information held by a public authority.
  2. Information must also be published through the public authority's publication scheme.
  3. The public body must tell the individual whether it holds the information.
  4. 20 working days to supply it in the format requested.
  5. Can charge for providing it.
17
Q

How do you ensure that you comply with data protection legislation?

A

You should consider issues such as only keeping information you really need, making sure people know you’ve got it and why, not passing on personal information, holding information securely, limiting access to information, keeping up to date information and deleting any information you have no more need for.

18
Q

What data do you use in your work and how do you manage this?

A

Consider any data you collect such as financial figures, valuation figures, contact details, etc. and be able to explain how you ensure this complies with the legislation.

19
Q

What are the 7 principles of GDPR?

A
  1. Lawfulness, fairness and transparency
  2. Purpose limitation - must be legitimate
  3. Data minimisation - only what is necessary
  4. Accuracy - kept up to date where necessary
  5. Storage limitation - for no longer than is necessary
  6. Security (integrity and confidentiality) - protect against unlawful access
  7. Accountability - controller is responsible for compliance
20
Q

What types of data is considered under GDPR?

A

Any personal data, including:
- Name
- Religion
- Sexual orientation
- Trade union membership
- Physical or mental health
- Genetic data

21
Q

What must you do if you accidentally breach GDPR and send information to the wrong person?

A
  1. Report to the ICO (UK regulator) within 72 hours where there is a loss of personal data and a risk of harm to individuals.
  2. Report it internally - make the individual data subjects aware.
  3. Might receive a fine (up to 4% of global turnover).
22
Q

Who polices the GDPR?

A

The ICO (Information Commissioner's Office).

23
Q

What might be the penalty for breaching the GDPR?

A

Might receive a fine (up to 4% of global turnover).

24
Q

What are your 8 rights under GDPR?

A
  1. To be informed
  2. Access
  3. Rectification
  4. Erasure
  5. Restrict processing
  6. Data portability (for own purposes)
  7. To object
  8. Automated decision making (insurance companies)
25
Q

What are the exemptions from the freedom of information act?

A
  1. Contrary to GDPR
  2. Criminal matter under investigation
  3. Would prejudice an organisation's commercial interest
26
Q

How can data be kept secure?

A
  1. Firewalls
  2. Encryption
  3. Antivirus
  4. Password protection
27
Q

How does a non-disclosure agreement work?

A
  1. It is a contract through which the parties agree not to disclose information covered by the agreement.
  2. An NDA creates a confidential relationship between the parties, typically to protect any type of confidential and proprietary information or trade secrets.
  3. Drawn up by a solicitor.
  4. An NDA is a civil contract, so breaking one isn't usually a crime; however, the party in breach faces the threat of being sued and could be required to pay financial damages and related costs.
  5. An NDA cannot stop anybody:
    1. 'whistleblowing'
    2. reporting a crime to the police