Data Managment Flashcards
What are the time limits for responding to data protection rights requests?
If you exercise any of your rights under data protection law, the organisation you’re dealing with must respond as quickly as possible. This must be no later than one calendar month, starting from the day they receive the request. If the organisation needs something from you to be able to deal with your request (eg ID documents), the time limit will begin once they have received this.
If your request is complex or you make more than one, the response time may be a maximum of three calendar months, starting from the day of receipt.
When must you notify the ICO of a personal data breach that is likely to risk individuals’ rights and freedoms?
Without undue delay and within 72 hours of becoming aware.
What is the difference between a data processor and data controller?
A data controller determines the purposes and means of the processing of personal data. A processor engages in personal data processing on behalf of the controller.
