Data Protection Flashcards
What does data protection in clinical laboratories refer to?
The safeguarding of patient information, test results, and sensitive data to ensure privacy, security, and compliance with legal and ethical standards.
What is the General Data Protection Regulation (GDPR)?
The cornerstone of data protection, governing how we collect, store, and use personal information across the EU.
When did the GDPR come into law?
In 2018.
What are the enhanced data protection standards established by GDPR?
Stringent guidelines for how organisations collect, store, process and protect the personal data of individuals within the EU.
What are the consent requirements under GDPR?
Organisations must obtain clear and explicit consent from individuals for data collection and processing.
What enhanced rights do data subjects have under GDPR?
Individuals have enhanced rights regarding their personal data, including access, correction, and deletion.
What are data breach notification obligations under GDPR?
Organisations must notify authorities and affected individuals of data breaches within a specified timeframe.
What does data protection by design and default mean?
Data protection measures should be integrated into the development of business processes and systems.
What is the impact of global data transfers under GDPR?
Regulations on how personal data can be transferred outside the EU to ensure continued protection.
What compliance and accountability requirements does GDPR impose?
Organisations must demonstrate compliance with GDPR and be accountable for their data protection practices.
What penalties are enforced for non-compliance with GDPR?
Significant financial penalties and other sanctions can be imposed on organisations that fail to comply.
What cultural shift has occurred towards data privacy due to GDPR?
A growing emphasis on the importance of data privacy and security among organisations and individuals.
What is the global influence of GDPR?
GDPR has inspired data protection legislation and practices worldwide.
What was the purpose of the Data Protection Act 1988?
To regulate the processing of personal data and protect individuals’ privacy.
What is defined as personal data under the Data Protection Act 1988?
Any information relating to an identifiable person, such as names, addresses, and medical records.
What type of sensitive personal data was included in the 2003 amendment?
Information about health, race, religious beliefs, and criminal history.
Who are considered data controllers?
Businesses, hospitals, and laboratories.
What responsibilities do data controllers have?
Ensuring that data is collected and used lawfully.
What must data processors follow when handling data?
Strict security measures.
List the eight data protection principles outlined in the Act.
- Obtained & processed fairly
- Used for specified, lawful purposes
- Adequate, relevant, and not excessive
- Kept accurate and up to date
- Kept only for as long as necessary
- Processed in accordance with individuals’ rights
- Kept secure against unauthorised access or loss
- Transferred outside the EEA only with adequate protection
What is a Data Subject Access Request (DSAR)?
A legal right for individuals to access their data.
What rights did individuals have under the Data Protection Act?
- Access their data
- Correct inaccurate data
- Object to data processing in certain cases
- Have their data erased (if applicable)
Who was responsible for monitoring compliance with the Data Protection Act?
The Data Protection Commissioner (DPC).
What could organisations face if found in breach of the Data Protection Act?
Fines and enforcement actions.