GDPR Flashcards

1
Q

GDPR applies to personal data. Define the term personal data. (1)

A

These are data from which you can identify a living individual

2
Q

Give 2 examples of personal data. (2)

A

Name, address, contact details – phone number/email

3
Q

Name two types of data that are covered by GDPR. (2)

A

Personal data and Special category data

4
Q

GDPR applies to data that can identify a living animal? (1)

TRUE or FALSE

A

False

5
Q

List the 7 principles of GDPR. (7)

A

The principles of the GDPR are:

a. Data must be processed lawfully, fairly and in a transparent manner.

b. Data must be collected for a specified, explicit and legitimate purpose (purpose limitation).

c. Data processed must be adequate, relevant and limited to what is necessary (data minimisation).

d. Data processed must be accurate and, where necessary, kept up to date.

e. Reasonable steps must be taken to rectify data that is inaccurate.

f. Data must not be kept for longer than is necessary

g. Organisations must take appropriate technical and organisational measures against unauthorised/unlawful processing, loss, damage or destruction (integrity and confidentiality)

6
Q

If there is a data breach in your practice, what are the mandatory requirements according to the GDPR? (2)

A

1 - The GDPR requires organisations to notify the ICO of a data security breach without undue delay and no later than 72 hours after becoming aware of it, unless the breach is unlikely to result in a risk to the relevant individuals’ rights and freedoms. Late notification requires justification.

2 - You must also inform the individual(s) concerned, without undue delay.

7
Q

Is it a requirement to have a Data Protection Officer employed in a veterinary practice? (2)

A

DPOs need only be appointed if you have over 250 employees, are a public authority, carry out large-scale systematic monitoring of individuals (online tracking etc.) or carry out large-scale processing of special categories of data or data relating to criminal convictions and offences.

8
Q

Give two examples of special category data. (2)

A

This category includes data about an individual’s race, ethnicity, religious beliefs, health, trade union membership, sex life or sexual orientation and now also includes genetic data such as DNA.
