Data Protection/GDPR

Question 1

What does GDPR stand for?

Answer 1

General Data Protection Reulation

Question 2

What 2 protection Acts did the GDPR replace?

Answer 2

Data Protection Act (1988)
Data Protection Amendment Act (2003)
It protects your digital reputation

Question 3

What is the focus of Data Privacy Day (28th January)

Answer 3

It is the international effort to create awareness about the importance of respecting privacy, safeguarding data and enabling trust

Question 4

What does the Data Protection Commission carry out?

Answer 4

Surveys and consults widely

Question 5

What are examples of unsolicited direct marketing

Answer 5

Phone calls
Texts
Emails
Postal communications

Question 6

What has begun to interest people

Answer 6

Right of access to records held by employers

Question 7

What are the top 3 most important matters relating to privacy

Answer 7

Medical records
Financial history
Credit card numbers

Question 8

What % of people indicated that they would make a complaint about the invasion of their privacy to the Gardaí

Answer 8

30%

Question 9

What % of people indicated that they would make a complaint about the invasion of their privacy to the Data Protection Commissioners Office

Answer 9

19%

Question 10

What is Data Privacy

Answer 10

Protects living individuals who have data about them stored on computers, or in structured manual files. This covers all electronic and paper records

Question 11

Who does GDPR apply to

Answer 11

All countries in the EU

Question 12

When is it legal to process data

Answer 12

1. By consent
2. To carry out a contract
3. In order for an organization to meet a legal obligation
4. Where processing the personal data is necessary to protect the vital interests of a person
5. Where processing the personal data is necessary for the performance of a task carried out in the public interest
6. In legitimate interests of an organization

Question 13

Limits to data processing

Answer 13

1. Lawfulness, fairness and transparency
2. Purpose Limitation
3. Data minimization
4. Accuracy
5. Storage limitation
6. Integrity and confidentiality
7. Accountability

Question 14

What data is considered particularly sensitive and has additional protection under GDPR

Answer 14

Racial or ethnic origin
Physical or mental health
Political opinions
Sexual life or sexual orientation
Religious or philosophical beliefs

Genetic data and biometric data
Trade union membership

Question 15

Define personal data

Answer 15

It is information which refers to any living individual who is either identified or identifiable

Question 16

Define data subject

Answer 16

It is the individual to whom the personal data refers to

Question 17

Define data controller

Answer 17

It is a person, company or other body which decides the purposes and methods of processing personal data

Question 18

Define data processor

Answer 18

It is a person, company or other body which processes personal data on behalf of a data controller

Question 19

Data protection confers rights on data subjects such as…

Answer 19

Rights to be informed if, how, why and for how long your data is being processed

Right of access to be given a copy of information held within a month for no cost

Right to have your data corrected or supplemented if it is incorrect or incomplete

Right to have data erased when its use is over

Right to limit/restrict/object to the processing of your data

Right to complain to the data protection commissioner

To object to automated decision making right to claim compensation

Question 20

What is the difference between data protection acts and GDPR

Answer 20

The need for organizations to demonstrate a pro-active data protection policy about fair obtaining and purpose specification

Question 21

Define fair obtaining

Answer 21

To obtain personal information fairly and openly, disclosing the identity of the data controller and the uses of the data

Question 22

Define purpose specification

Answer 22

Both the organization and the data subjects must be clear about the purposes for the data

Question 23

Other obligations require adequate care, and clear policies about…

Answer 23

Use and disclosure of information

Security

Retention time

Ensuring that data is; accurate and up-to-date, adequate, relevant and not excessive

Question 24

What do use and disclosure of information, security, retention time all require

Answer 24

Training and education

Co-ordination and compliance

Specific policies to cover areas such as;
Access requests
Data breaches

Registration with the DPC

Question 25

What does the data protection commissioner do

Answer 25

Examines complaints

Conducts investigations and takes action

Can conduct privacy audits - “dawn raids”

Promotes compliance through guidance and “codes of good practice”

Check application for registration

Promotes public awareness of data protection

Makes an annual report to the Oireachtas which includes a selection of case studies

Question 26

How do organizations comply with the Act

Answer 26

They should complete a data protection impact assessment answering:

Why are you holding it?

How did you get it?

Why was it originally gathered?

How long will you retain it?

How secure is it, both in terms of encryption and accessibility?

Do you ever share it with third parties and on what basis might you do so?