Data Management - KT Qs Flashcards
What is the main legislation behind Data Protection?
General Data Protection Regulation (2016) (GDPR) aimed to create a single data protection regime for the European Union.
It came into effect in the UK as the Data Protection Act (2018). = Right to be Informed.
Freedom of Information Act (2000) = Right to Access.
Does the EU GDPR still apply in the UK?
UK GDPR has adopted the EU GDPR regulation and is incorporated into the Data Protection Act (2018).
What is the role of UK GDPR? What is the role of the Data Protection Act (2018)?
UK GDPR is supplemented by the Data Protection Act (2018) and relates to PERSONAL DATA.
It aims to create a single data protection regime and empower individuals to take control of how their data is used by third parties.
Crucially – gives people the RIGHT TO BE INFORMED about how their personal information is used.
Provides a framework for companies processing personal data to ensure this is handled correctly.
What is Personal Data under the Data Protection Act (2018)?
May include:
Race
Ethnic background
Religious beliefs
Genetics
Biometrics
Health
What do you understand about UK GDPR? What are key requirements of GDPR?
Key points about the legislation?
An obligation to conduct a data protection impact assessment for high-risk holding of data.
New rights for individuals to have access to information on what personal data is held – and the option to have it erased.
A data controller decides how and why personal data is processed and is directly responsible for GDPR.
A new principle of ‘data accountability’ ensuring that organisations can prove to the Information Commissioner’s Office (ICO) how they comply with the new regulations.
Data security breaches need to be reported to ICO within 72 hours where there is a loss of personal data and a risk of harm to individuals.
Fines up to 4% of global turnover of the company or £17.5 million (whichever is the greater).
Policed by the ICO.
What are the 8 individual rights under UK GDPR? What rights do you/your clients have in relation to saved data?
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability (to use for their own purposes)
- Right to object
- Rights in relation to automated decision making and profiling
What do you need to do in the event of a data breach / cyberattack?
Notify the Information Commissioner's Office (ICO) within 72 hours of the breach where there is a loss of personal data and a risk of harm to individuals.
What is the penalty / what is the fine for non-compliance with UK GDPR?
Fines up to 4% of the global turnover of the company, or £17.5 million (whichever is the greater).
Who is UK GDPR policed by?
Information Commissioner's Office (ICO).
What does the Freedom of Information Act (2000) do?
Freedom of Information Act (2000) = Right to Access!
Gives individuals the right of ACCESS to information held by public bodies.
The public body must tell any individual requesting sight of information whether it holds it.
Normally the public body is required to supply it within 20 working days in the format requested.
It can charge for the provision of the information.
What exemptions are allowed under the Freedom of Information Act (2000)? When would someone not be allowed to access their information?
Contrary to the GDPR requirements
If it would unduly influence a criminal matter under investigation or a person's / organisation's commercial interest, i.e. if there is an overriding public interest in not allowing access.
If you received a Freedom of Information Act (2000) request would you act on it?
The Freedom of Information Act (2000) gives individuals a right of access to information held by the public sector.
The request must be in writing.
Information must not be exempt – e.g. personal data or national security.
If I received a FOI request I would not need to act on it, unless the information was held in the public domain/public body.
(This is because FOI relates to information held by public bodies, not confidential information.)
Does the RICS say anything about Data Management? Any guidance?
(COMMON QUESTION)
Proposed Professional Standard on Data Handling and Prevention of Cyber Crime, aimed at how surveyors capture, store and share data.
Likely to mandate policies, practices and training for all regulated firms and members.
What forms of data security technologies are available?
How can you keep data secure? How would you prevent cybercrime?
Disk encryption – encrypting data on a secure hard disk drive.
Firewalls
Password protection and anti-virus software protection
Regular back-ups off-site
What forms of data protection do Cluttons have in place?
All of the above
Password-protected folders for client data
Cluttons hold a number of ‘IT Security’ training sessions
Clients have to 'opt in' to distribution lists in order to be contacted. If an enquiry has not 'opted in', then to comply with our GDPR regulations we are unable to contact them.