L4 Data Protection and GDPR Flashcards

1
Q

personal data

A

any information relating to an identified or identifiable natural person, including names, identification number, location data, online identifiers, or one or more factors specific to their physical, physiological, genetic, mental, economic, cultural or social identity

2
Q

data processing

A

any operation or set of operations performed on personal data whether automated or not

3
Q

data processor

A

any organisation responsible for processing data on behalf of a data controller

4
Q

rights in relation to data

A
  • General Data Protection Regulation (GDPR) 2018
  • Data Protection Acts 1988 to 2018 (before GDPR)
  • Freedom of Information Act 2014
5
Q

responsibilities in relation to data - compliance with law

A
  • Data Protection Acts 1988 to 2018
  • Freedom of Information Act 2014
6
Q

responsibilities in relation to data - compliance with national guidelines for health professionals

A
  • Data protection and Freedom of information legislation: Guidance for health service staff
  • CORU Code of Ethics and Professional Conduct
  • National Consent Policy 2013, 2016
  • Record Retentions Periods, 2013
  • HSE Data Protection Policy, 2019
7
Q

8 rights of GDPR

A
  1. the right to be informed
  2. the right to access information
  3. the right to rectification
  4. right to erasure
  5. right to data portability
  6. right to object to processing of personal data
  7. right to restriction
  8. right in relation to automated decision making, including profiling
8
Q

Data protection commission

A

The national independent authority responsible for upholding the fundamental right of individuals in the EU to have their personal data protected

9
Q

what is the DPC’s role

A
  • Investigate complaints made by the general public
  • Carry out investigations proactively.
10
Q

Responsibilities of Organisations

A
  • Collect no more data than is necessary from an individual for the purpose for which it will be used
  • Obtain personal data fairly from the individual by giving them notice of the collection and its specific purpose
  • Retain the data for no longer than is necessary for that specified purpose
  • Keep data safe and secure
  • Provide an individual with a copy of his or her personal data if they request it.
11
Q

8 rules of Data Protection

A
  1. obtain and process information fairly
  2. keep information for only one or more specified, explicit and lawful purposes
  3. use and disclose only in ways compatible with these purposes
  4. keep it safe and secure
  5. keep it accurate, complete and up-to-date
  6. ensure that it is adequate, relevant and not excessive
  7. retain it for no longer than is necessary for the purpose or purposes
  8. Give a copy of their personal data to that individual, on request
12
Q

HSE retention policy for children and young people

A
  • Retain until the patient’s 25th birthday or 26th if young person was 17 at the conclusion of treatment, or 8 years after death.
  • If the illness or death could have potential relevance to adult conditions or have genetic implications, the advice of clinicians should be sought as to whether to retain the records for a longer period.
13
Q

HSE retention policy for adults

A

8 years after conclusion of treatment or death

14
Q

Freedom of Information Act 2014

A
  • Every individual has the right to apply for access to records (personal or non personal) held by a public body and to have inaccurate or misleading personal information amended, corrected, or deleted
  • (subject to specific exemptions, having regard to the public interest and the right to privacy)
  • Covers personal information (education, medical, psychiatric, psychological history, financial history), and records (paper records: books, files, letters, loose papers, diaries, post-it notes, and computer printouts; disks, servers, databases)
15
Q

how to make an application under FOI

A
  • Must be in writing to head of public body using specific form
  • Must specify the records required and the manner in which access is sought e.g. inspect the originals, obtain photocopies etc
  • Must state that the request is being made under the FOI Act 2014
16
Q

HSE SARs Procedure

A
  1. Use SAR form or write to HSE service
  2. HSE verifies your identity
  3. Identify data you want
  4. Locate the data
  5. Collect the data
  6. Extract and possibly redact
  7. Provide copy