SLR16 Flashcards
What is the DPA
Data Protection Act
What are the three defining roles of the DPA
- The data subject
- The data controller
- The data commissioner
In terms of the DPA: who is the data subject
The individual who has their data stored somewhere outside of their control
In terms of the DPA: who is the data controller
The data controller determines what data an organisation can collect, how this data is collected, and how it is processed and stored
In terms of the DPA: who is the data commissioner
The data commissioner has the power to enforce the Data Protection Act
Who does the data commissioner report to and who are they appointed by
Directly to Parliament and the Crown
What are the two categories for data in the DPA
Personal data
Sensitive data
Name some of the 5 examples of personal data
- Name
- Address
- Banking details
- Date of birth
- Financial transactions
Name some of the 8 examples of sensitive data
- Nationality
- Ethnicity
- Political beliefs
- Trade union membership
- Genetics
- Biometrics
- Health
- Sexual orientation
Why was the 1998 British DPA updated in 2018
To bring it into line with the 2015 EU GDPR as the 1998 version covered most but not all of it
What does GDPR mean
General Data Protection Regulation
State the 8 steps an organisation must take when handling data
- Collected and used fairly and within the restraints of the law
- Only held for specific reasons
- Only used for the registered purpose it was intended for
- Adequate, relevant and not excessive
- Kept accurate and up to date
- Not kept longer than necessary
- Kept safe and secure
- No transfer outside the EEA unless the country has data protection
In the DPA what are the 7 rights of the data subjects
- Right of subject access
- Right of correction
- Right to prevent distress
- Right to prevent direct marketing
- Right to prevent automatic decisions
- Right of complaint to the information commissioner
- Right to compensation