Data Management Flashcards
What are the key principles of the Data Protection Act 2018?
The Data Protection Act 2018 is the UK's implementation of the General Data Protection Regulation (GDPR). It sits alongside the GDPR, supplements it with UK-specific provisions (for example exemptions and the rules for law enforcement and intelligence services processing), and replaced the Data Protection Act 1998.
What are the key principles of the Freedom of Information Act 2000?
Applies to public authorities in England, Wales and Northern Ireland (Scotland has its own Freedom of Information (Scotland) Act 2002). The Act relates to all recorded information held in any form. A request must be answered promptly and in any event within 20 working days of receipt, unless an exemption applies.
What does GDPR stand for?
General Data Protection Regulation, which applied from 25 May 2018.
What are the rights under GDPR?
The right to:
- Be informed
- Access
- Rectification
- Erasure
- Restrict processing
- Data portability
- Object
- Rights in relation to automated decision-making and profiling
What are the 6 principles of GDPR?
Lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality. (Article 5 also adds accountability: the controller must be able to demonstrate compliance with these principles.)
What databases do you use?
Land Registry
Planning Portal
How do you protect data in your office?
Data is protected by:
- Ensuring consent is received to store data
- Only using data for the exact reason it was collected
- Encrypting all PCs and mobile devices to ensure high levels of security
- Only processing data that is required and deleting data when it is no longer required
What are the consequences of breaking GDPR regulations?
This is the biggest change in GDPR. There are 2 tiers:
Tier 1 (lesser breaches): companies can be fined up to €10 million or 2% of their annual global turnover, whichever is greater
Tier 2 (serious breaches): companies can be fined up to €20 million or 4% of their annual global turnover, whichever is greater
When did GDPR come into force?
25th May 2018
Who polices GDPR?
In the UK, the Information Commissioner's Office (ICO), which is the UK's supervisory authority.
How does your firm protect data?
Information barriers
Do not keep confidential info on desks
Appointed a data protection officer
How has GDPR impacted your day-to-day work? Give an example of a practice that you have had to change since its introduction.
Consent to hold customer data
How do you keep your professional work secure at home?
Stronger passwords, lock the screen when I am not using it, and keep the computer away from windows.
What is the difference between a data controller and a data processor?
The data controller is the person (or business) who determines the purposes for which, and the way in which, personal data is processed.
By contrast, a data processor is anyone who processes personal data on behalf of the data controller, on the controller's documented instructions.
Core principles of data protection?
There are 6 (PLAID):
1 Purpose limitation: only use data for the exact reason you collected it.
2 Lawfulness, fairness and transparency: is everything legal, fair and transparent in your reasons for collecting the data?
3 Accuracy: all data needs to be up to date and correct.
4 Integrity and confidentiality: security needs to be adequate, both on PCs (by encryption and access control) and physically (organise so documents are not accessible to those who do not need them).
5 Data minimisation: only process data you require. Do not process extra information that is not needed.
6 Storage limitation: delete data when it is no longer required.
What are the procedures for data breaches under GDPR?
Before there was no general obligation to report a data breach. Under GDPR a personal data breach must be reported to the supervisory authority (the ICO in the UK) within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to individuals' rights and freedoms. Where the breach is likely to result in a high risk to individuals, they must also be informed without undue delay. All breaches, reported or not, must be recorded internally.
What is the purpose of a Data Protection Officer?
A Data Protection Officer is now required if your organisation is:
- An organisation whose core activities involve "regular and systematic monitoring of individuals on a large scale"
- An organisation whose core activities involve large-scale processing of special categories of data (such as health records) or data on criminal convictions
- A public authority
The DPO is the organisation's data protection representative. They make sure everything in the company is above board and in compliance with the law, and act as the contact point for the ICO and for data subjects.
How have the new GDPR rules affected you carrying out your duties?
As a company we:
- Got an external company into the office to advise (Code-in-motion)
- Held a brainstorming session
- Carried out a full audit of stored data
- Performed a risk analysis for data held on each employee:
  o Name
  o Why is this data held?
  o Who has access?
  o Who is the data sent to outside the office?
  o Who can access the files?
  o What could be done to protect the data?
- Issued a letter to employees asking for consent to hold their personal data
- Took steps to encrypt all business phones and laptops
- Updated the website to show the data protection policy