Matt - Data management - Level 1 Flashcards
What is the Commissioners for Revenue and Customs Act (2005)?
It is the Act that introduced HM Revenue and Customs, and it also covers details about the role of the Valuation Office Agency.
Can you list some sections of the Commissioners for Revenue and Customs Act (2005) and what they relate to?
Section 7 - Details how the VOA compiles and maintains Valuation Lists and Rating Lists
Section 10 - Details the list of clients that the VOA may act for such as for HMRC or other public bodies
Section 17 - Sharing of information between HMRC and VOA
Section 18 - Sharing of information outside of VOA
Section 19 - Criminal offence to disclose information that can identify an individual
What does the Commissioners for Revenue and Customs Act (2005) detail about information sharing?
Information sharing can only be done if it is reasonable and proportionate to do so, and there is a duty of confidentiality.
What is the Data Management Act (2008)?
Sorry, this is a mistake on my submission. I mean the Data Protection Act (2018)
What is the Data Protection Act (2018)?
This is the UK’s implementation of the General Data Protection Regulations
What is the purpose of the Data Protection Act (2018)?
It gives people the right to be informed about how their personal information is used
What are the 7 data protection principles for the Data Protection Act (2018)?
- Lawfulness, fairness and transparency
- Legitimate interest (purpose limitation)
- Data minimisation (adequate, relevant and not excessive)
- Accurate and up to date
- Storage limitation (don’t keep for longer than necessary)
- Confidentiality
- Accountability
What are potential fines for data protection breaches?
- Warning
- Restrictions on data processing
- Fine of up to 4% of annual turnover of the company or £17.5m, whichever is greater
How do you and your firm ensure that data is kept secure?
- Firewalls
- Strong passwords / 2FA
- Encryption
- VPNs
What would you do if data was breached?
- Inform the Data Protection Officer within 72 hours
- Give as many details as possible
What are the General Data Protection Regulations (2018)?
A Europe-wide law setting out how organisations need to handle personal data from May 2018
What does GDPR relate to?
Personal data - any information relating to an identifiable person
What role must all firms have under GDPR?
- Controller
- Processor
- Data Protection Officer
What are the 8 individual rights under GDPR?
- Right to be informed
- Right of access
- Right to rectification
- Right to erase
- Right to restrict processing
- Right to portability
- Right to object
- Rights in relation to automated decision making and profiling
What are the 6 principles under Article 5(1) for GDPR?
- Processed lawfully and in a transparent manner
- Collected for specified, explicit and legitimate interest
- Adequate, relevant and necessary
- Accurate and up to date
- Not kept longer than necessary
- Processed in a manner which ensures appropriate security