Legal Issues in Computing

Question 1

What does GDPR stand for

Answer 1

General Data Protection Regulations

Question 2

What are the three types of data GDPR decribes

Answer 2

Personal data, Special category data, Criminal offence data

Question 3

Define Personal Data

Answer 3

Name, address, NI number, Passport number, any personally identifiable information must be protected

Question 4

Define Special category data

Answer 4

Racial origins, sexual orientation, religion, politics, things you might be discriminated against

Question 5

What are the seven data protection principles

Answer 5

Lawfulness, Purpose limitation, Data minimization, Accuracy, Storage limitations, Integrity and confidentiality, Accountability

Question 6

Define Data Controller

Answer 6

They determine the purpose and essential means for using personal data

Question 7

Define Data Processor

Answer 7

Often a subcontracted company that handles data without making any key decisions about data

Question 8

Define Data Subject

Answer 8

An identified or identifiable natural person

Question 9

Define Lawfulness in GDPR

Answer 9

Valid grounds or “lawful basis” for collecting & using personal data, not breaking other laws, not having an adverse impact on people, open and honest

Question 10

Define Purpose Limitation in GDPR

Answer 10

Clear about the purpose from the beginning, record purpose and send them to individual, new purpose require compatibility with original purpose or new consent

Question 11

Define Data minimization in GDPR

Answer 11

Ensure personal data adequate, relevant and limited to what is necessary, not gathered more data that goes beyond our purposes

Question 12

Define Accuracy in GDPR

Answer 12

Ensure personal data is not incorrect or misleading, update personal data as necessary, if there are inaccuracies in the data then correct it or erase it ASAP

Question 13

Define Storage Limitation in GDPR

Answer 13

Don’t keep personal data longer than required, justify how long you keep it with policy documentation, review data, erase/anonymize it when no longer needed

Question 14

Define Integrity and Confidentiality in GDPR

Answer 14

Ensure security measures are in place to protect personal data, appropriate technical and organizational measures, risk analysis, policies, measures, encryption, psudonyms

Question 15

Define Accountability in GDPR

Answer 15

Take responsibility for what you do with personal data and how you comply with other principles, Measures and records in place to demonstrate compliance e.g. data protection policies, contracts, documentations, recording breaches

Question 16

What are the 6 conditions for processing personal data

Answer 16

Consent, Contract, Legal obligation, Vital interests, Public task, Legitimate interests

Question 17

Define Consent

Answer 17

Have clear consent by individual to process for specific purpose

Question 18

Define Contract

Answer 18

Fulfilling or entering a contract

Question 19

Define Legal obligation

Answer 19

Complying with the law

Question 20

Define Vital interests

Answer 20

Protecting someone’s life

Question 21

Define Public task

Answer 21

Perform a task in public interest/official functions and clear legal basis

Question 22

Define Legitimate interests

Answer 22

Necessary unless good reason to protect personal data

Question 23

What are the Subject Rights

Answer 23

The Right to be Informed, The Right of Access, The Right to Rectification, The Right to Erasure, The Right to Restrict Processing, The Right to Data Portability,The Right to Object, Rights in Relation to Automated Decision-Making and Profiling

Question 24

Define The Right to be Informed

Answer 24

The right to be informed encompasses your obligation to provide fair processing information, typically through a privacy notice

Question 25

Define The Right of Access

Answer 25

Individuals will have the right to obtain confirmation that their data is being processed, access to their personal data, other supplementary information

Question 26

Define The Right to Rectification

Answer 26

Individuals are entitled to have personal data rectified if it is inaccurate or incomplete

Question 27

Define The Right to Erasure

Answer 27

An individual can request the deletion or removal of personal data where there is no compelling reason for its continued processing

Question 28

What are the two key points where the Right of Erasure applies

Answer 28

When the individual withdraws consent, when the individual objects to the processing and there is no overriding legitimate interest for continuing the processing

Question 29

Define The Right to Restrict Processing

Answer 29

Individuals have the right to block or suppress processing of personal data, that means you are permitted to store the personal data but not further process it

Question 30

Define The Right to Data Portability

Answer 30

individuals are allow to obtain and reuse their personal data for their own purposes across different services

Question 31

Define The Right of Object

Answer 31

You must stop processing the personal data unless you can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedom of the individual

Question 32

Define Rights in Relation to Automated Decision-Making and Profiling

Answer 32

These are safeguards for individuals against the risk that a potentially damaging decision is taken without human intervention