Data Management COPY COPY Flashcards
what are the GDPR consumer rights
A - Access C – Consent C - Correction E – Erasure P – Data Portability ACCEP (Accep your rights)
what regulation governs laws on data protection and privacy
UK General data protection regulation 2020
Article 5 of GDPR requires that personal data should be what? Name at least 3
- Processed lawfully, fairly in a transparent manner (PLT)
- Adequate, relevant, and limited to what is necessary
- Collected for specified explicit and legitimate purposes
- Kept in a form that permits identification of data for no longer than is necessary
- Accurate and kept up to date, where necessary
- Processed in a manner that ensures appropriate security of personal data.
PACKAP
What is the maximum GDPR fine set by UK GDPR and DPA 2018
17.5 Million or 4% of annual global turnover (whichever is highest).
Data offences can be punished by what? Name two (excluding fines).
- Warnings
- Temporary or permanent ban on data processing
- Restriction or erasure of data
- Suspend data transfers to third party countries.
what is DPA 2018?
Data Protection Act 2018
- UK’s implementation of GDPR
- Replaced the DPA 1998
Are you aware of the Freedom of Information Act 2000?
Yes it provides the public access to information held by public authorities.
how do FOI Act 2000 requests work?
- Must be in writing
- Information must not be exempt e.g. personal data or national security
What security measures can you use to protect data? Name at least 3
- Password protection
- Security markings
- Physically locking storage units
- Encryption firewalls
- Two factor authentication
what best practices would you encourage in terms of managing data? Give at least 3
- Cross reference computer with hard copy
- Back up IT systems
- Write once, read many times
- Keep an audit trail
- Ensure electronic signature cannot be altered. (send PDF’s not word)
you refer to a valuation of serviced offices in Malvern Hills as part of REVAL 2021, how did you use the data collected to advise the senior management of your view?
tell me what you know about GDPR
General Data Protection Regulation
Following Brexit there is now a UK version called UK GDPR 2020
Set out the main responsibilities for organisations using, storing and handling personal data.
Article 5 sets out the consumer rights which includes the right to be informed, right to access, right to erase, right to correct and right to withdraw consent.
Applies to the VOA – right to correct is something we actively do in the Check stage of CCA and in Form of return where personal data is explicitly collected.
How does Freedom of information work and how can it be used?
Individual can request information held by public bodies such as minutes from a board meeting
Request must be made in writing
Public body must supply in 20 working days and can charge for this service
Information must not be exempt e.g. personal data or national security.
what is the latest change in data protection regulation?
DPA act
2020 GDPR
New professional statement on Data handling in consultation at the moment.
How does GDPR affect your firm?
what is the definition of personal data?
Personal data are any information which are related to an identified or identifiable person.
what is encryption/firewalls/blockchain?
Encryption is a means of securing data by encoding it mathematically such that it can only be read, or decrypted, by those with the correct key or cipher.
A firewall is a network security device that monitors traffic to or from your network. It allows or blocks traffic based on a defined set of security rules.
A blockchain is a digitally distributed, decentralized, public ledger that exists across a network.
describe a time you have used and managed data to communicate some complex, reasoned advice?
Reval, Office Malvern Hills