Data Management (Level 1 Portfolio) Flashcards
What is GDPR?
General Data Protection Regulation
What is GDPR for?
A legal framework that sets out rules for the collection and processing of personal data about individuals
When did GDPR come into force?
May 25 2018
What is the UK's implementation of GDPR?
Data Protection Act 2018
What does the Data Protection Act 2018 do?
It places responsibility on everyone who uses personal data to follow strict data protection principles
What are the data protection principles?
Lawfulness, fairness and transparency
Purpose limitation
Data minimisation
Accuracy
Storage limitation
Security (integrity and confidentiality)
Accountability
What is the maximum penalty for breaching GDPR?
Up to 20 million euros (around £17 million) or 4% of global annual turnover, whichever is greater
What changed between the 1998 Act and the 2018 Act?
The definition of personal data was brought up to date to include new technologies, such as biometric data
Larger fines
Personal data breaches must be reported to the ICO within 72 hours of becoming aware of them
Clear privacy notices must be given to consumers
Organisations must provide staff training and carry out internal audits
Organisations must appoint a data protection officer where required (all public authorities such as the council, and organisations whose core activities involve large-scale monitoring of individuals or large-scale processing of special category data)
What is information governance?
An approach to managing the way information is handled by setting out rules and managing the processes.
What are the aims of information governance?
To comply with legislation
Have an effective and appropriate use of information
Managed process for reporting and recording data issues
Provide staff training and support
Encourage staff to work together for effective data use
How does the council apply information governance?
We have set processes for using and collecting data, such as the database, which has certain rules in place to keep it secure and accurate. We use it for effective data use; for example, when raising repairs it is a secure method to share customers' details so appointments can be raised and work can be done.
What PCC policies manage data handling?
We have five policies: Data in Transit, Data Processor, Data Protection, Data Sharing and Records Management
What is a ROPA?
Record of Processing Activities, which is a legal duty under GDPR (Article 30) and the DPA 2018. For the council we use the Information Asset Register, which outlines what information we may hold and why we use it.
What does PCC's Data Protection Policy do?
It ensures that all employees and all third parties who have access to any personal data are fully aware of, and abide by, their duties and responsibilities under the DPA and GDPR
What is the Freedom of Information Act 2000?
A piece of legislation that allows the public to access information held by public authorities
What are some key points of the FoI Act to remember?
It affects all staff regarding what information we create, hold and delete
Anybody can ask for information, and PCC must disclose the information it holds, unless an exemption applies, within 20 working days (by law)
Requests must be forwarded to the FoI team ASAP
Requests must be in writing
Any recorded information could be disclosed, such as emails and documents
Altering, concealing or destroying records after a request has been made, in order to prevent disclosure, is a criminal offence with a fine of up to £5,000
How do PCC keep information secure?
Firewalls, virus protection and spyware detection
Laptop encryption
Regular backups of data
Network access management
Email & website filtering
Provide advice and guidance
What are PCC's key aims for the protection of information?
Confidentiality - controlled access
Integrity - no unauthorised changes
Availability - continuously available
Compliance - follow policies and laws
What is the Information Commissioner's Office?
The ICO is the UK's independent regulator that upholds information rights for the public
They investigate complaints about potential breaches of GDPR/DPA
Have PCC had any data breaches?
Over the last 5 years or so the council have reported 13 incidents, 12 of which the ICO decided needed no further action as we were following GDPR/DPA properly; for the one undecided in Nov 2019 I couldn't find an answer.
What data do you collect in your day-to-day job?
For repairs, names and numbers.
I use the database to store the data securely in the correct fields, to allow for availability and for it to be deleted or redacted.
What could the consequences be for me, as an employee, for breaching GDPR?
Verbal or written disciplinary action
Legal consequences
Loss of job
When can an FoI request be refused?
When it would take too much time to answer
When it would cost too much (exceeds the cost limit)
If it is a repeat request by the same person
If the request is vexatious (intended to cause annoyance or frustration)
What is a subject access request?
When you send a written request to an organisation for a copy of any personal information it holds about you