General Data Protection Regulation (GDPR) Flashcards

1
Q

What is the GDPR?

A

The processing of personal data to ensure that data is processed lawfully, fairly and in a transparent manner in relation to individuals.

2
Q

What new act is all about personal information and the way it is collected, stored and used?

A

Data Protection Act - May 2018

3
Q

Who oversees the DP Act?

A

Information Commissioner (IC)

4
Q

What does the DP Act require?

A

Anyone who records and uses personal information to be registered with the IC

5
Q

Define data subject

A

An identified or identifiable living ‘natural individual’

6
Q

Define data processing

A
  • Collecting, recording, organising, structuring, storing, retrieval, consulting, use and disclosure of data
  • Someone who does any of the above is a data
7
Q

Define data controller

A

A person with overall responsibility for the processing of information - decides what data to process and how

8
Q

Define information commissioner’s office (ICO)

A

The independent authority for the UK which will uphold information rights in the public interest

9
Q

What is classed as personal information (PI)?

A

Name and address
Tel number
Email
Details of medicines dispensed
NHS number
Age

10
Q

How are organisations expected to handle and use PI?

A
  • Be transparent in explaining the use of PI
  • Provide choices about how PI is used where appropriate to do so
  • Keep it secure
  • Only collect and retain the minimum amount of PI necessary to carry out their functions
  • Only retain data for as long as it is required
  • Report any loss of PI promptly
    Severe penalties for non-compliance
11
Q

What is special category data and what are some examples?

A

Personal information that is especially sensitive
- Race/ethnic origin
- Religious
- Political opinions
- Trade union memberships
- Biometric data used to identify an individual
- Genetic/Health data
- Data related to sexual preference, sex life, sexual orientation

12
Q

The processing of special category data is prohibited unless what?

A
  • The data subject has given explicit consent to the processing for one or more specified purposes OR
  • Processing is necessary for the purpose of the provision of health care or treatment
13
Q

What are the rights of individuals?

A

The right to:
1. be informed
2. access
3. rectification
4. erasure
5. restrict processing
6. data portability
7. object to data processing
8. not be subject to automated decision-making including profiling

14
Q

Describe ‘right to be informed’

A

Display privacy notice - explain how it will handle PI - should be in plain English on website or in pharmacy

15
Q

Describe ‘right of access’

A

People can request information held about them - no charge, and it must be provided within one calendar month

16
Q

Describe ‘right to rectification’

A

Right to request that any information entry be amended - some information retained even if incorrect

17
Q

Describe ‘right to object to data processing’

A

People have the right to object to processing their data

18
Q

Which rights of individuals apply to pharmacy?

A
  1. Right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to object to data processing
19
Q

Define consent

A

Express willingness, give permission, agree

20
Q

What are the two types of consent?

A

Explicit and implied

21
Q

For a person to give consent, what must they do?

A
  • Have the capacity to do so
  • Be acting voluntarily
  • Have enough information to allow them to make an informed decision
  • Be capable of weighing up the information provided
22
Q

When can disclosure of confidential information happen?

A
  • A patient agrees to their info being disclosed
  • The law requires the info to be disclosed
  • It is in the public interest to disclose the information
    Records should be made
23
Q

Who can request info about a data subject without consent of data subject?

A
  • The police or another enforcement
  • A healthcare authority
  • A healthcare regulator
  • NHS counter-fraud officer
  • A coroner, judge or court
24
Q

Why is it that some confidential info can be disclosed without consent if it is in the public interest?

A

To prevent:
- serious crime
- serious harm to a person receiving care or to a third party
- serious risk to public health