GDPR Flashcards
What is REDACTION?
Redaction is a form of editing. A document can have certain parts “redacted”, meaning
that names, personal details and personal information are removed to ensure
compliance with the requirement to keep a client’s information confidential and secure.
What are the GDPR's seven key principles?
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality (security)
- Accountability
Who does the UK GDPR apply to?
The UK GDPR applies to ‘controllers’ and ‘processors’.
UK GDPR - Define Controller
A controller determines the purposes and means of processing personal data.
UK GDPR - Define Processors
A processor is responsible for processing personal data on behalf of a controller.
UK GDPR - Processors - Give an example of the UK GDPR specific legal obligations
You are required to maintain records of personal data and processing activities. You will have legal liability if you are responsible for a breach.
UK GDPR - Controller - Give an example of the UK GDPR specific legal obligations
If you are a controller, you are not relieved of your obligations where a processor is involved –
the UK GDPR places further obligations on you to ensure your contracts with processors comply with the
UK GDPR.
When does the UK GDPR apply to processing?
The UK GDPR applies to processing carried out by organisations operating within the UK. It also applies
to organisations outside the UK that offer goods or services to individuals in the UK.
When does the UK GDPR NOT apply to processing?
The UK GDPR does not apply to certain activities including:
- Processing covered by the Law Enforcement Directive,
- Processing for national security purposes and
- Processing carried out by individuals purely for personal/household activities.
What is personal data?
Personal data only includes information relating to natural persons who:
- Can be identified or who are identifiable, directly from the information in question; or
- Who can be indirectly identified from that information in combination with other information.
GDPR - How can Pseudonymised data help?
Pseudonymised data can help reduce privacy risks by making it more difficult to identify individuals, but
it is still personal data.
The UK GDPR covers the processing of personal data in two ways:
- Personal data processed wholly or partly by automated means (that is, information in electronic form); and
- Personal data processed in a non-automated manner which forms part of, or is intended to form part of, a ‘filing system’ (that is, manual information in a filing system).
Personal data - special categories
Personal data may also include special categories of personal data or criminal conviction and offences
data. These are considered to be more sensitive and you may only process them in more limited
circumstances.
What is anonymisation?
Anonymisation is a data processing technique that removes or modifies personally identifiable information; it results in anonymised data that cannot be associated with any one individual.
If personal data can be truly anonymised then the anonymised data is not subject to the UK GDPR. It is
important to understand what personal data is in order to understand if the data has been anonymised.
GDPR - Deceased Person
Information about a deceased person does not constitute personal data and therefore is not subject to
the UK GDPR.