Data management Flashcards
What is GDPR?
- The GDPR is the new EU regulation covering protection of people’s personal data.
- Came into force May 2018 - replaced the DPA 1998
- Its designed to protect data in an era of mass digital data use.
- Empowers individuals to take control of how their date is used by third parties
- The GDPR is in force across the EU and supersedes data protection laws.
- It applies alongside member state laws such as the data protection act 2018 (whihc is the UKs implementation of GDPR)
What are the aims and benefits of GDPR?
Put simply, GDPR was designed to give the public more say over which organisations have access to their data and what they do with it. GDPR will apply to personal data. GDPR was aimed at protecting all EU citizens from privacy and data breaches in an increasingly data-driven world that is vastly different from the time in which the 1995 directive was established.
What are the key changes (regarding GDPR)?
-Increased Territorial Scope (extra-territorial applicability)
Increased Penalties -Easier consent to the data provider (easily accessible forms for control of their data)
What are the roles in GDPR?
- -Controllers decides how and why personal date is processed (directly responsoble for GDPR)
- -Processors are responsible for processing personal data on behalf of a controller.
What is meant by Increased Territorial Scope (extra-territorial applicability) regarding GDPR?
GDPR applies to all companies processing the personal data of data subjects residing in the European Union, regardless of the company’s location.
What is meant by penalties regarding GDPR?
Organisations in breach of GDPR can be fined up to 4% of annual global turnover or €20 million (whichever is greater). This is the maximum fine that can be imposed for the most serious infringements
What is meant by consent regarding GDPR?
Companies will no longer be able to use long illegible terms and conditions full of legalese, as the request for consent must be given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent (EUGDPR.ORG Portal, 2018).
How would you treat confidential data?
I would make sure to follow my company’s data protection policy. This includes: - Locking my computer when away - Paper free desk and using my locker for confidential information - Use shredder for documents - Ensure to categorize my soft copy documents with the correct coding - eg. public, private and restricted.
What is the Data Protection Act?
It gives individuals the right to know what information is held about them and provides a framework to ensure that it’s handled properly.
What challenges does the Data Protection Act pose?
The main challenge is posed by multiple users of the system saving files in incorrect folders so that retrieval of information can be time consuming. There are also risks of careless revisions of documents or accidental deletion - although our server is backed up twice daily so any losses in this respect are mitigated.
How do you determine if a document is public, private or restricted?
There is a matrix based on the reputation impact, financial impact and legal impact.
How is the GDPR relevant in your day to day work?
- I manage high amounts of sensitive data and this needs to be done in line with the data protection act and GDPR. -
How is the GDPR relevant to the construction industry?
Companies should employ a data protection officer, make sure they comply with all the data protection policy and be clear and transparent when talking about data.
What is the freedom of information act 2000?
The Freedom of Information Act 2000 (FOIA) is a UK Act of Parliament that creates a public ‘right of access’ to information held by public authorities. There are two ways in which this is provided: Public authorities are obliged to publish certain relevant information. Members of the public are entitled to request information from public authorities.
Is the data protection act superseded?
No the data protection act was updated in 2018 to act supplementary to the GDPR.