Intermediate Flashcards
Provide an example of how the key principle “lawfulness, fairness and transparency” can be adhered to
Clearly communicate the lawful basis for processing personal data to individuals using a privacy notice
Provide an example of how the key principle “purpose limitation” can be adhered to
Ensuring that personal data is only collected for specific and lawful purposes.
Making sure that personal data is not used for any other purposes.
Provide an example of how the key principle “data minimisation” can be adhered to
Limiting the amount of personal data collected to what is necessary for the original purpose.
Avoiding the collection of unnecessary or excessive personal data.
Provide an example of how the key principle “Accuracy” can be adhered to
Taking reasonable steps to ensure that personal data is accurate and up to date.
Correcting any errors in personal data as soon as possible.
Provide an example of how the key principle “storage limitation” can be adhered to
Ensuring personal data is only kept for as long as necessary.
Implementing retention policies to ensure that personal data is not kept for longer than necessary.
Provide an example of how the key principle “integrity and confidentiality” can be adhered to
Implementing appropriate technical and organisational measures to ensure the security of personal data.
Ensuring that personal data is protected against unauthorised or unlawful processing, accidental loss, destruction or damage.
Provide an example of how the key principle “accountability” can be adhered to
Appointing a DPO to oversee compliance with UK GDPR.
Implementing policies and procedures to ensure compliance with the UK GDPR, such as ensuring DPIAs are completed.
Explain when a data breach must be reported to the ICO and the relevant timescales
Where a breach is likely to result in a risk to individuals’ rights and freedoms, the ICO must be informed without undue delay and within 72 hours of the organisation becoming aware of it. Where the breach is also likely to result in a high risk to individuals, the affected data subjects must be informed as well, without undue delay.
Explain each of the six lawful bases for processing personal data
Consent - The individual must give clear consent to you to process their personal data for a specific purpose.
Contract - The processing is necessary for a contract you have with the individual, or for taking steps at the individual’s request to enter into a contract.
Legal obligation - The processing is necessary for compliance with a legal obligation, for example employment law.
Vital interests - The processing is necessary to protect someone’s life.
Public task - The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
Legitimate interests - The processing is necessary for your legitimate interests or those of a third party, unless there is a good reason to protect the individual’s personal data which overrides those interests.