Data Protection

Question 2

When did the Data Protection Act 2018 come into force?

Answer 2

May 2018

Question 3

What are the principles detailed in the Data Protection Act 2018?

Answer 3

Lawfulness, Fairness and Transparency

Purpose Limitation

Data Minimisation

Accountability

Question 4

What is meant by Data Minimisation?

Answer 4

Personal data that is collected by an organisation should be only what is necessary for the specific purpose.

Question 5

What is meant by Purpose Limitation?

Answer 5

Personal data should be used only for the explicit purpose for which it was given.

Question 6

What has been nominated by the UK to regulate and enforce GDPR?

Answer 6

The Information Commissioner’s Office (ICO)

Question 7

What is the maximum fine which can be imposed for breaches in data protection in the EU?

Answer 7

The greater of €20 million, or 4% of the organisation’s annual global turnover.

Question 8

Can the EU fine apply to UK businesses if they process personal data of EU residents?

Answer 8

Yes

Question 9

What is the maximum fine which can be imposed for breaches in data protection in the UK? *

*Processing UK residents’ personal data

Answer 9

The greater of £17.5 million, or 4% of the organisation’s annual global turnover.

Question 10

How long, after a personal data breach is discovered, must an organisation report it to the relevant supervisory body?

Answer 10

72 hours.

Question 11

What must organisations ensure they have, to ensure data protection?

Answer 11

Robust data breach detection, investigation and internal reporting procedures in place.

They must keep a record of any personal data breaches.