Data protection law Flashcards
Explain the term Manual data
Physical data recorded as part of a filing system. e.g. CV on file, interviewer notes
Explain the term Automated data
Data held electronically
The Data Protection Acts 1988-2003 regulate the processing of personal data of a living person which is in the possession of a Data Controller
Explain Sensitive personal data
Data in relation to
1. Racial or ethnic origin, political opinions, religious or philosophical beliefs
2. Trade union membership
3. Physical/mental health or condition, or sexual life
4. Information in relation to the commission or alleged commission of any offence, related proceedings/disposal of proceedings or sentences.
In general the express permission of the data subject must be obtained before sensitive personal data can be gathered or processed. (some exceptions)
Give a definition for data controller
Controls the content and use of personal data. Must be a person recognised in law i.e. a natural person, organisation or body corporate.
Explain the term Data Processor
Any person other than the Data Controller who processes the data on behalf of the DC
Registration with the Office of the Data Protection Commissioner
Financial institutions, government/public bodies, telecoms and internet providers, businesses mainly involved in direct marketing, data processing, debt collection, credit references
Give a definition for a data subject
A living person who is the subject of personal data.
e.g. Workers (past/present/future), customers, employees, students.
Explain the six lawful bases
A business will need to look at the data it holds on a Data Subject and then refer to the six lawful bases to decide which one it can rely on for processing of the Data Subject’s personal data.
List the six Lawful bases
* Consent
* Legal Obligation
* Vital Interest
* Legitimate Interest
* Performance of a Contract
* Public Interest
Explain the term consent
For example a customer must be given the option to opt in to receiving marketing emails
Explain the term Legal Obligation
For example Safety, Health and Welfare at Work Act 2005,
You must retain all accident reports and incident report forms for 10 years
Revenue Commissioners, Working Time Act.
Explain the term Vital interest
For example it is permissible to hand over someone’s information in a medical emergency
Explain the term Legitimate interest
For example sending appointment reminders to customers, although there can be no marketing material included
Explain the term Performance of a contract
For example an employer requiring specific information from an employee so that they can enter into a contract of employment
Explain the term Public interest
For example the Central Statistics Office carrying out a census.
Explain the six principles of GDPR
Lawfulness, fairness and transparency
Tell the Data Subject why you are collecting their data and what you will be doing with it, and explain the lawful basis/bases that you are relying upon
Purpose Limitations
Data can only be used for a specific processing purpose that the subject has been made aware of and no other additional purpose, without further consent
Data Minimisation
Only ask the Data Subject for the least amount of information that you need to satisfy one of the 6 lawful bases
Accuracy
Data held must be up to date and accurate
Storage Limitations
Cannot keep Data Subject’s information indefinitely without grounds to do so. The business must have a Data Retention Policy in place
Integrity and Confidentiality
Protect against unlawful processing or accidental loss, destruction or damage.