Data management Flashcards

1
Q

What is GDPR?

A

The GDPR is the new EU regulation covering people’s personal data. It is designed to protect data in an era of mass digital data use. The GDPR is in force across the EU and supersedes earlier data protection laws. It applies alongside member state laws such as the Data Protection Act 2018.

2
Q

What are the aims and benefits of GDPR?

A

Put simply, GDPR was designed to give the public more say over which organisations have access to their data and what they do with it. GDPR will apply to personal data.

GDPR was aimed at protecting all EU citizens from privacy and data breaches in an increasingly data-driven world that is vastly different from the time in which the 1995 directive was established.

3
Q

What are the key changes (regarding GDPR)?

A
  • Increased Territorial Scope (extra-territorial applicability)
  • Increased Penalties
  • Easier consent for the data provider (easily accessible forms for control of their data)
4
Q

What are the roles in GDPR?

A
  • Controllers determine the purposes and means of processing personal data.
  • Processors are responsible for processing personal data on behalf of a controller.
5
Q

What is meant by Increased Territorial Scope (extra-territorial applicability) regarding GDPR?

A

GDPR applies to all companies processing the personal data of data subjects residing in the European Union, regardless of the company’s location.

6
Q

What is meant by penalties regarding GDPR?

A

Organisations in breach of GDPR can be fined up to 4% of annual global turnover or €20 million (whichever is greater). This is the maximum fine that can be imposed for the most serious infringements.

7
Q

What is meant by consent regarding GDPR?

A

Companies will no longer be able to use long illegible terms and conditions full of legalese, as the request for consent must be given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent (EUGDPR.ORG Portal, 2018).

8
Q

How would you treat confidential data?

A

I would make sure to follow my company’s data protection policy. This includes:

  • Locking my computer when away
  • Paper-free desk and using my locker for confidential information
  • Using a shredder for documents
  • Ensuring my soft-copy documents are categorised with the correct coding, e.g. public, private and restricted.
9
Q

What is the Data Protection Act?

A

It gives individuals the right to know what information is held about them and provides a framework to ensure that it’s handled properly.

10
Q

What challenges does the Data Protection Act pose?

A

The main challenge is posed by multiple users of the system saving files in incorrect folders, so that retrieval of information can be time-consuming. There are also risks of careless revisions of documents or accidental deletion, although our server is backed up twice daily so any losses in this respect are mitigated.

11
Q

How do you determine if a document is public, private or restricted?

A

There is a matrix based on the reputation impact, financial impact and legal impact.

12
Q

How is the GDPR relevant in your day to day work?

A
  • I manage high amounts of sensitive data and this needs to be done in line with the Data Protection Act and GDPR.
13
Q

How is the GDPR relevant to the construction industry?

A

Companies should employ a data protection officer, make sure they comply with all data protection policies, and be clear and transparent when talking about data.

14
Q

What is the freedom of information act 2000?

A

The Freedom of Information Act 2000 (FOIA) is a UK Act of Parliament that creates a public ‘right of access’ to information held by public authorities. There are two ways in which this is provided:

  • Public authorities are obliged to publish certain relevant information.
  • Members of the public are entitled to request information from public authorities.

15
Q

Is the data protection act superseded?

A

No, the Data Protection Act was updated in 2018 to act as a supplement to the GDPR.

16
Q

What is the Freedom of Information Act 2000?

A

The Act provides individuals or organisations with the right to request information held by a public authority. Information must also be published through the public authority’s publication scheme.

17
Q

How do you ensure that you comply with data protection legislation?

A

You should consider issues such as only keeping information you really need, making sure people know you’ve got it and why, not passing on personal information, holding information securely, limiting access to information, keeping up to date information and deleting any information you have no more need for.

18
Q

What data do you use in your work and how do you manage this?

A

Consider any data you collect such as financial figures, valuation figures, contact details, etc. and be able to explain how you ensure this complies with the legislation.

19
Q

What are the 7 principles of GDPR?

A
  • Lawfulness, fairness and transparency
  • Purpose limitation
  • Data minimisation
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality (security)
  • Accountability
20
Q

What types of data are considered under GDPR?

A
Any personal data, including:
  • Name
  • Religion
  • Sexual orientation
  • Trade union membership
  • Physical or mental health
  • Genetic data
21
Q

What must you do if you accidentally breach GDPR and send information to the wrong person?

A
  • Report to the ICO (UK regulator) within 72 hours
  • Report it internally
  • Make the individual data subjects aware