Optional - Data Management (L3) Flashcards
Summary of experience: level one
What is GDPR?
GDPR is the General Data Protection Regulation (Regulation (EU) 2016/679), which came into force on 25 May 2018. It aims to create a single data protection regime across the European Union.
Summary of experience: level one
What do you need to do if you have a data breach?
Notify the Information Commissioner's Office (ICO) without undue delay and, where feasible, within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in a risk to individuals' rights and freedoms. Where the breach is likely to result in a high risk to individuals, the affected individuals must also be told without undue delay.
Summary of experience: level one
What are the fines for non-compliance with UK GDPR?
Higher tier: up to £17.5 million or 4% of total annual worldwide turnover, whichever is greater. (A standard tier of up to £8.7 million or 2% applies to lesser infringements.)
Summary of experience: level one
What are the principles of Data Protection Act 2018?
- Processed lawfully, fairly and in a transparent manner
- Collected for specified and legitimate purposes
- Accurate
- Not transferred to countries that do not ensure an adequate level of protection for personal data
Summary of experience: level one
What are the 8 Individual Rights Under GDPR?
- Right to be Informed
- Right of Access
- Right of Rectification
- Right to Erasure
- Right to Restrict Processing
- Right to Data Portability
- Right to Object
- Rights in relation to Automated Decision Making and profiling (the right not to be subject to a decision based solely on automated processing)
(IARERDOA)
Summary of experience: level one
What is an SAR?
Subject Access Request – a request from an individual to be given a copy of the personal data a company holds on them, together with supplementary information (the purposes of processing, who the data is shared with and how long it is kept). It must normally be answered within one month, extendable by up to two further months if the request is complex.
Summary of experience: level one
What are the principles of UK GDPR?
A. There are seven:
(1) Lawfulness, fairness and transparency
(2) Purpose Limitation – be specific about the purpose of the data collection
(3) Data Minimisation – only collect what you need
(4) Accuracy
(5) Storage Limitation – store data only for as long as necessary and then erase it
(6) Integrity and confidentiality (security)
(7) Accountability – record and be able to prove compliance
Summary of experience: level one
Give me an example of how your company is compliant with GDPR
- When we send out marketing emails to prospective purchasers, we send emails individually rather than en masse.
- On marketing emails, we give people the option to unsubscribe and be removed from our database
- Privacy notice when we collect data
- Fair Processing Notice on website
Summary of experience: level one
Does your company tell people how their data is stored?
Yes, our website gives detail in our ‘Fair Processing Notice’, which outlines:
* our purpose for collecting personal data
* how to unsubscribe from marketing communications
* that where special categories of data are processed, this is necessary to fulfil legal obligations relating to anti-money laundering (AML)
Summary of experience: level one
What is Primary Data?
Data that is collected first hand
Summary of experience: level one
What is Secondary Data
Data that we access from third party sources
Summary of experience: level one
What are the limitations of Secondary Data?
We did not collect it ourselves, so we cannot verify its accuracy, how current it is, or the method used to collect it
Summary of experience: level one
How do you check secondary data?
Get to the source of the data. If the primary data collector is identifiable, try to verify the information directly with them
Summary of experience: level one
Has the UK got its own version of GDPR?
The Data Protection Act 2018 (DPA 2018) replaced DPA 1998 and supplements GDPR, filling in the areas (such as exemptions and derogations) that EU GDPR left to member states to decide.
After the Brexit transition period ended, UK GDPR came into force on 1 January 2021. UK GDPR is essentially the same as EU GDPR and must be read in conjunction with DPA 2018.
Summary of experience: level one
What is personal data?
Any information relating to an identified or identifiable living individual, i.e. information from which someone can be identified directly or indirectly