DATA PROTECTION Flashcards

1
Q

What is the Data Protection Act?

A

The Data Protection Act 1998 provided a clear pathway for how personal data must be dealt with.
It refers to living individuals who can be identified by that data.
Following GDPR, the DPA was repealed and then replaced by the UK’s Data Protection Act in 2018.

2
Q

DATA PROTECTION ACT 2018

A

Transposes the EU Data Protection Directive 2016/680 (Law Enforcement Directive) into domestic UK law.

National security is within scope of the DPA 2018.

3
Q

THE DPA 2018 PRINCIPLES

A
  1. Processing must be lawful and fair
  2. Purposes of processing must be specified, explicit and legitimate
  3. Personal data must be adequate, relevant and not excessive
  4. Personal data must be accurate and kept up to date
  5. Personal data must be kept no longer than necessary
  6. Personal data must be processed in a secure manner
4
Q

DATA CONTROLLER

A

A natural or legal person who, alone or jointly with others, determines the purpose and means of the processing of personal data. They must register with the Information Commissioner’s Office (ICO).

5
Q

DATA PROCESSOR

A

A natural or legal person who processes personal data on behalf of a data controller. They are not required to register with the ICO.

6
Q

What are the rights of individuals?

A

A data controller is required to make available to data subjects a range of information:

  • the identity and contact details of the data controller and their data protection officer
  • the purpose for which their personal data is being processed
  • the existence of their right to exercise any of the below rights
  • the legal basis for the processing of their personal data
  • the retention period of the data, or the criteria used to determine the retention period
7
Q

What to do with a major data breach

A

Firms must notify the ICO within 72 hours and, if they do not, provide a reason for not doing so. The notification includes:

  • description and nature of the breach
  • name and contact details of a contact point if additional information is required
  • description of the likely consequences of the breach
  • description of measures taken to address the breach
8
Q

THE INFORMATION COMMISSIONER'S OFFICE

A

Its mission is to ‘uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals’.

With regard to data controllers, the ICO has the power to levy a fine of up to £17 million or 4% of global turnover.

9
Q

Factors affecting the ICO's decision on financial penalties

A
  • nature of the personal data involved
  • duration and extent of contravention
  • number of individuals actually or potentially affected
  • importance, value, degree, amount or extent of the breach
  • public importance
10
Q

2019 - THE ICO FINED BRITISH AIRWAYS £183.9 MILLION

A

Infringements of GDPR.

A variety of information was compromised by poor security arrangements at the company, including login, payment card, and travel booking details, as well as name and address information.
