Data Processing Flashcards
What are the 8 rights of Data Subjects?
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object
- Rights related to automated decision making
What data management legislation is there?
- Data Protection Act 2018 (the UK's implementation of GDPR)
What are the 6 principles of data processing?
- Lawfulness, fairness, and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality
What are the key aspects of DPA 2018?
What does it cover?
- It incorporates the GDPR into UK law
- It provides a framework for processing personal data in the UK
- It covers personal data
- It also covers sensitive data about a person (race, gender, health, political opinion)
Who do you notify about a breach?
The ICO (Information Commissioner's Office) within 72 hours if the breach poses a risk to individuals' rights and freedoms.
Affected individuals must also be notified without delay if it is likely to result in a high risk to their rights and freedoms.
What is the ICO’s fine?
Fines for non-compliance are up to £17.5 million or 4% of turnover, whichever is higher.
What is the Freedom of Information Act 2000?
What info is exempt?
and what is the public interest test?
- Any person has the right to request information held by public authorities.
- e.g., local council, NHS, schools and police forces.
- Exemptions: info relating to national security, law enforcement, health and safety (H&S) or commercial interests.
- Public interest test: authorities must apply this test to determine whether info should be disclosed.
What are the time frames with the FOIA?
Is there a fee?
Is there a complaints handling procedure?
Respond within 20 working days. There can be a fee of £450.
If a request is not sufficiently answered, you can complain to the ICO or further to the First-tier Tribunal.