Legal Issues in Computing Flashcards

1
Q

What does GDPR stand for

A

General Data Protection Regulations

2
Q

What are the three types of data GDPR describes

A

Personal data, Special category data, Criminal offence data

3
Q

Define Personal Data

A

Name, address, NI number, Passport number, any personally identifiable information must be protected

4
Q

Define Special category data

A

Racial origins, sexual orientation, religion, politics, things you might be discriminated against

5
Q

What are the seven data protection principles

A

Lawfulness, Purpose limitation, Data minimization, Accuracy, Storage limitations, Integrity and confidentiality, Accountability

6
Q

Define Data Controller

A

They determine the purpose and essential means for using personal data

7
Q

Define Data Processor

A

Often a subcontracted company that handles data without making any key decisions about data

8
Q

Define Data Subject

A

An identified or identifiable natural person

9
Q

Define Lawfulness in GDPR

A

Valid grounds or “lawful basis” for collecting & using personal data, not breaking other laws, not having an adverse impact on people, open and honest

10
Q

Define Purpose Limitation in GDPR

A

Clear about the purpose from the beginning, record purposes and send them to the individual, a new purpose requires compatibility with the original purpose or new consent

11
Q

Define Data minimization in GDPR

A

Ensure personal data is adequate, relevant and limited to what is necessary, not gathering more data than our purposes require

12
Q

Define Accuracy in GDPR

A

Ensure personal data is not incorrect or misleading, update personal data as necessary, if there are inaccuracies in the data then correct it or erase it ASAP

13
Q

Define Storage Limitation in GDPR

A

Don’t keep personal data longer than required, justify how long you keep it with policy documentation, review data, erase/anonymize it when no longer needed

14
Q

Define Integrity and Confidentiality in GDPR

A

Ensure security measures are in place to protect personal data, appropriate technical and organizational measures, risk analysis, policies, measures, encryption, pseudonyms

15
Q

Define Accountability in GDPR

A

Take responsibility for what you do with personal data and how you comply with other principles, Measures and records in place to demonstrate compliance e.g. data protection policies, contracts, documentations, recording breaches

16
Q

What are the 6 conditions for processing personal data

A

Consent, Contract, Legal obligation, Vital interests, Public task, Legitimate interests

17
Q

Define Consent

A

Have clear consent by individual to process for specific purpose

18
Q

Define Contract

A

Fulfilling or entering a contract

19
Q

Define Legal obligation

A

Complying with the law

20
Q

Define Vital interests

A

Protecting someone’s life

21
Q

Define Public task

A

Perform a task in public interest/official functions and clear legal basis

22
Q

Define Legitimate interests

A

Necessary unless good reason to protect personal data

23
Q

What are the Subject Rights

A

The Right to be Informed, The Right of Access, The Right to Rectification, The Right to Erasure, The Right to Restrict Processing, The Right to Data Portability, The Right to Object, Rights in Relation to Automated Decision-Making and Profiling

24
Q

Define The Right to be Informed

A

The right to be informed encompasses your obligation to provide fair processing information, typically through a privacy notice

25
Q

Define The Right of Access

A

Individuals will have the right to obtain confirmation that their data is being processed, access to their personal data, other supplementary information

26
Q

Define The Right to Rectification

A

Individuals are entitled to have personal data rectified if it is inaccurate or incomplete

27
Q

Define The Right to Erasure

A

An individual can request the deletion or removal of personal data where there is no compelling reason for its continued processing

28
Q

What are the two key points where the Right to Erasure applies

A

When the individual withdraws consent, when the individual objects to the processing and there is no overriding legitimate interest for continuing the processing

29
Q

Define The Right to Restrict Processing

A

Individuals have the right to block or suppress processing of personal data, that means you are permitted to store the personal data but not further process it

30
Q

Define The Right to Data Portability

A

Individuals are allowed to obtain and reuse their personal data for their own purposes across different services

31
Q

Define The Right to Object

A

You must stop processing the personal data unless you can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedom of the individual

32
Q

Define Rights in Relation to Automated Decision-Making and Profiling

A

These are safeguards for individuals against the risk that a potentially damaging decision is taken without human intervention