Topic 4: Need to know legislation and regulatory requirements Flashcards
What does the Data Protection Act 1998 do?
It protects people’s data from being misused and regulates the ways in which it is used
What are the key principles of the data protection act?
Individuals can see what data is held about them
Data is only collected with an individual’s permission
Used for its intended purpose
Information only to be given on a ‘need to know basis’
Information stored securely in a locked cabinet or on a password protected computer
What are the exceptions to confidentiality?
Risk to self - mental health or dementia
Risk to others - lack of capacity or dementia
Risk of being hurt by others - anyone who’s vulnerable e.g. children in care or those with disabilities
Changes to Data Protection Act under GDPR…
If collecting data, the reason for doing so must be understandable
Sensitive data: individuals will have to ‘opt in’ rather than opt out
Individuals must have the rights to access their data
Individuals have the right to withdraw their consent at any time and prevent further distribution
If there is a security breach individuals whose data it is must be notified
What has changed under GDPR to the processed fairly and lawfully clause?
Data should only be collected if needed and lawful
DBS checks must be justified by the law
What has changed under GDPR to the used for its intended purpose clause?
Genetic and biometric data is considered to be sensitive data now and should only be requested if it’s relevant
Update to the ‘relevant’ clause under the GDPR…
Notices on sites have to be given letting users know how the site uses their data