Data Protection Law Flashcards
Who are the parties involved in data protection?
Data controller - decider
Data processor - doer
Personal subject - us
When does the Data Protection Act apply?
When personal data is held on computer or manual files by any organisation
What is included in personal data?
Any information about the individual, including recorded facts and expressions of opinion
Who is the Information Commissioner?
UK regulator for data protection
Statutory power to enforce compliance
Must be informed within 72 hours of a breach
What are the repercussions for non-compliance?
Criminal conviction
Fine up to £18 million or 4% of global turnover
What are the data protection principles?
Lawfulness, fairness and transparency - valid grounds for holding data
Purpose limitation - recorded and made clear to data subject from start
Data minimisation - adequate, relevant and not excessive
Accurate - not incorrect
Storage limitation - not kept longer than necessary
Integrity and confidentiality - appropriate security measures
What are the rights of the data subject?
Informed - purpose and retention policy
Access - request info verbally or in writing; provided within 1 month
Rectification - inaccurate info rectified
Erasure - have information erased
Data portability - obtain data to use in different service
Object
Automated decision making and profiling
What are the exemptions from the Act?
Employment law
Academic institutions
Scientific/historical research organisations
Individual rights limited where exercising them would be used to commit crimes or to disrupt legal proceedings, public authorities or regulators