Data Management - Level 2 Flashcards
How is data managed and protected in your firm?
- Secure document storage
- Back up of documents
- Process for sharing documentation
- Formatting and standardisation of reports
What is GDPR?
The General Data Protection Regulations.
It is a regulation in EU law for protection and privacy in the EU and European Economic Area.
It addresses the transfer of personal data outside the EU and EEA.
What does it mean to be GDPR compliant?
GDPR is a regulation that require businesses to protect the personal data and privact of EU citizens for transactions that occur within EU member states.
Non-compliance could cost companies dearly.
What are the 7 principles of GDPR/key principles of Data Management Act 2018?
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimization
- Accuracy
- Storage limitation
- Integrity and confidentiality
- Accountability
What things must companies put in place to ensure GDPR compliance?
- Raise awareness across your business
- Audit all personal data
- Update your privacy notes
- Review your procedures supporting individuals rights
- Identify and document your legal basis for processing personal data under he GDPR
- Review how you seek obtain and record consent
How can you ensure data security?
- disk encryption
- regular back ups off site
- password protection
- anti-virus software
What is copyright?
Exclusive rights granted to the author or creator of any original work. These rights can be licensed, assigned or transferred.
It is a form of intellectual property.
All copyrighted material used in work must be acknowledged.
What is the Data Protection Act 2018?
This is the Act that implements GDPR in the UK and relates to the protection of personal data. It came into force on 25th May 2018 and replaced the Data Protection Act 1988.
What are the key requirements of the Data Protection Act 2018?
- Obligation to conduct data protection risk assessment
- Rights to individuals to have access to information on what personal data is held and what is erased.
- A data controller decides how and why personal data is processed.
- NEW REG - ‘data accountability’ ensuring organisations can prove to the ICO (Information Commissioner’s Office how they comply with the new regulations.
What happens if there is a data breach?
Inform ICO within 72 hours when there is a loss of personal data and and a risk of harm to individuals
What are the 8 Individual rights under GDPR?
- Right to be informed
- Right to access
- Right to rectification
- Right to erase
- Right to restrict processing
- Right to data portability
- Right to object
- Rights to automated decision making and profiling
What article of Data Protection Act 2018 relates to storage of personal data?
Article 5(1) states that data must be;
1. processed lawfully, fairly and in a transparent manner
2. collected for specified purposes
3. hold only what is adequate and necessary for the required purposes
4.
What does Article 5(2) of Data Protection Act 2018 state?
“the controller shall be responsible for, and be able to demonstrate, compliance with regulations.”
What is the Freedom of Information Act 2000?
gives individuals the right to access information held by public bodies. Must be supplied in 20 working days.
Exceptions;
1. if contrary to GDPR requirements
2. it would prejudice a criminal matter under investigation
3. it would prejudice a persons/organisations commercial interest
What is a Non-Disclosure Agreement?
A contract by which one or more parties agree not to disclose confidential information that they have shared with each other as a necessary part of doing business together. e.g. accounting and financial stability of a company.