Legal Issues in Computing Flashcards
What does GDPR stand for
General Data Protection Regulations
What are the three types of data GDPR describes
Personal data, Special category data, Criminal offence data
Define Personal Data
Name, address, NI number, Passport number, any personally identifiable information must be protected
Define Special category data
Racial origins, sexual orientation, religion, politics, things you might be discriminated against
What are the seven data protection principles
Lawfulness, Purpose limitation, Data minimization, Accuracy, Storage limitations, Integrity and confidentiality, Accountability
Define Data Controller
They determine the purpose and essential means for using personal data
Define Data Processor
Often a subcontracted company that handles data without making any key decisions about data
Define Data Subject
An identified or identifiable natural person
Define Lawfulness in GDPR
Valid grounds or “lawful basis” for collecting & using personal data, not breaking other laws, not having an adverse impact on people, open and honest
Define Purpose Limitation in GDPR
Clear about the purpose from the beginning, record purposes and send them to the individual, a new purpose requires compatibility with the original purpose or new consent
Define Data minimization in GDPR
Ensure personal data is adequate, relevant and limited to what is necessary, not gathering more data than our purposes require
Define Accuracy in GDPR
Ensure personal data is not incorrect or misleading, update personal data as necessary, if there are inaccuracies in the data then correct it or erase it ASAP
Define Storage Limitation in GDPR
Don’t keep personal data longer than required, justify how long you keep it with policy documentation, review data, erase/anonymize it when no longer needed
Define Integrity and Confidentiality in GDPR
Ensure security measures are in place to protect personal data, appropriate technical and organizational measures, risk analysis, policies, measures, encryption, pseudonyms
Define Accountability in GDPR
Take responsibility for what you do with personal data and how you comply with other principles, Measures and records in place to demonstrate compliance e.g. data protection policies, contracts, documentations, recording breaches