GDRP Flashcards
What are examples of personal data?
Name, address, National Insurance Number, passport number, any personally identifiable information
What is special category data?
Racial origins, sexual orientation, religion, politics, things you might be discriminated against.
What is a data controller?
Someone who determines the purpose and essentials means for using personal data.
What is a data processor?
A subcontracted company that handles data without making key decisions about that data
What is a data subject?
An identifiable natural person.
What is the General Data Protection Regulations (GDPR) for?
A law that sets the guidelines for safely and securely storing data and information.
What are the 7 principles for GDPR?
1) Lawfulness, fairness, and transparency
2) Purpose Limitation
3) Data minimization
4) Accuracy
5) Storage Limitation
6) Integrity and confidentiality (security)
7) Accountability
What is the Lawfulness, fairness and transparency law?
Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject. There must be valid grounds for collecting and using personal data.
What is the purpose limitation law?
Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
What is the data minimisation law?
Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. Not gathering any more than needed.
What is the data minimisation law?
Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. Not gathering any more than needed.
What is the accuracy law?
Personal data shall be accurate and where necessary kept up to date.
What is the storage limitation law?
Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
What is the integrity and confidentiality law?
Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate measures.
What is the accountability law?
The controller shall be responsible for and be able to demonstrate compliance with the Data Protections Principles.