Data Protection and GDPR Flashcards
What is GDPR?
EU General Data Protection Regulation…
What are companies obliged to do if you request your data?
Companies are legally required to share the data they are holding about you if you request it. However, there are certain cases where they can refuse, e.g. if the data relates to a crime, the armed forces, or taxation.
What are the rights of individuals/data subjects?
- The right to be informed
- The right of access
- The right of rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
What is the ICO?
The Information Commissioner’s Office
What does the ICO do?
The Information Commissioner’s Office (ICO) has responsibility and powers to enforce data protection and information law in the United Kingdom. The role of the ICO is, in their own words, to “uphold information rights in the public interest.” The legislation that the ICO covers includes:
- The Data Protection Act
- Freedom of Information Act
- Privacy and Electronic Communications Regulations
- General Data Protection Regulation
- Environmental Information Regulations
- Re-use of Public Sector Information Regulations
What is the Data Protection Act 2018?
The Data Protection Act 2018 seeks to replicate the provisions of GDPR within UK law. The 2018 Data Protection Act is the “third generation” of data protection law in the UK and aims to modernise data protection laws to ensure they are effective in the years to come. Note that the new Act has replaced the Data Protection Act 1998 which is no longer in force. Instead, the 2018 Act brings into UK law key provisions of the EU’s GDPR which has direct effect across all EU Member States. However, the Data Protection Act 2018 is also in place to provide certainty to businesses after the UK makes its planned exit from the EU in March 2019.
The Act, together with the GDPR, sets out to protect individuals with regard to the processing of personal data, in particular by requiring personal data to be processed lawfully and fairly, on the basis of the data subject’s consent or another specified basis; by conferring rights on the data subject to obtain information about the processing of personal data and to require inaccurate personal data to be rectified; and by conferring functions on the Information Commissioner, giving the holder of that office responsibility for monitoring and enforcing the provisions of the Data Protection Act 2018 and the GDPR.
How have large companies reacted to GDPR?
Large and transnational organisations have had to rethink the way they handle the design and security of their systems and processes from the top down and at every level, taking steps to ensure that the privacy of their customer data is protected and not unlawfully transmitted across borders, i.e. between the US and the EU markets. Remember that for many transnational companies, especially those in the tech or social media sectors, data is the lifeblood of their business.
So transnational companies with huge EU user bases (like Facebook, Google and Twitter, to give just three examples) have had to update their business and security policies to ensure data protection and privacy compliance in accordance with European data protection law. However, GDPR is certainly having an impact on how larger corporations address their cross-border data policies and has even reportedly led to some of these companies adopting some of the more basic EU protections in all countries in which they operate, regardless of whether those countries are in the EU or outside of it.
How have SMEs and start-ups reacted to GDPR?
Small organisations are not exempt from their responsibilities under the GDPR, despite a myth in circulation that companies with fewer than 250 employees are not subject to the law. This is incorrect - all organisations that handle and process personal data irrespective of size and number of employees are equally subject to data protection law. However, it has been SMEs, start-ups and small/micro businesses that have found gearing up for compliance to be somewhat complicated and expensive.
What are SMEs?
Small and medium-sized enterprises
What is privacy by design?
Privacy by Design is an approach to project planning that promotes privacy and data protection compliance. Too often, privacy doesn’t even feature in the early planning for software, web or app developments, and is an afterthought, tacked onto the finished product when legal issues emerge.
What are the benefits of privacy by design?
Integrating the Privacy by Design mindset into your projects will help you build trust with new clients or employers, by demonstrating that you understand how to help them meet their legal obligations under the Data Protection Act 2018 and GDPR, and how to help them avoid breaching data protection and privacy legislation.
What are the duties of the data controller/principles of data protection?
- Lawfulness
- Fairness
- Transparency
- Limitation on purpose
- Minimisation of data
- Limitation on storage
- Integrity and confidentiality
- Accountability
What is intellectual property?
Intellectual property (IP) is a category of property that includes intangible creations of the human intellect. There are many types of intellectual property, and some countries recognize more than others. The most well-known types are copyrights, patents, trademarks, and trade secrets.