11. Data protection. Flashcards by Robert Owen

T/F: data protection legislation applies only to that collected or recorded in electronic form.

FALSE

How well did you know this?

Not at all

Perfectly

The most recent primary legislation regarding data protection in the UK is the …

Data Protection Act (2018)

How well did you know this?

Not at all

Perfectly

The Data Protection Act (2018) implements and supplements the EU’s ….

General Data Protection Regulation (GDPR)

How well did you know this?

Not at all

Perfectly

GDPR: General Data Protection R*

regulation

How well did you know this?

Not at all

Perfectly

“…” means any information relating to an identified or identifiable living individual.

personal data

How well did you know this?

Not at all

Perfectly

“Personal data” means any information relating to an [I or I LI]*

identified or identifiable living individual

How well did you know this?

Not at all

Perfectly

“processing” information can involve: C*, R, S, A, D, C, D

collection

How well did you know this?

Not at all

Perfectly

“processing” information can involve: C, R*, S, A, D, C, D

recording

How well did you know this?

Not at all

Perfectly

“processing” information can involve: C, R, S*, A, D, C, D

storage

How well did you know this?

Not at all

Perfectly

“processing” information can involve: C, R, S, A*, D, C, D

adaptation

How well did you know this?

Not at all

Perfectly

“processing” information can involve: C, R, S, A, D*, C, D

disclosure

How well did you know this?

Not at all

Perfectly

“processing” information can involve: C, R, S, A, D, C*, D

combination

How well did you know this?

Not at all

Perfectly

“processing” information can involve: C, R, S, A, D, C, D*

destruction

How well did you know this?

Not at all

Perfectly

Data protection (does / does not) require safeguards where automated decision making occurs on the basis of information provided by/collected on data subjects.

does

How well did you know this?

Not at all

Perfectly

DC* determine the purpose and means of processing personal data.

data controllers

How well did you know this?

Not at all

Perfectly

DP* are responsible for processing personal data on behalf of a controller.

data processors

How well did you know this?

Not at all

Perfectly

DS* are identified or identifiable individuals (not companies) to whom personal data relates.

data subjects

How well did you know this?

Not at all

Perfectly

A limited company (can / can not) be a ‘data subject’.

can not

How well did you know this?

Not at all

Perfectly

Data protection legislation applies to … organisations.

all

How well did you know this?

Not at all

Perfectly

Opinions, as distinguished from facts, (do / do not) fall within the scope of data protection legislation.

How well did you know this?

Not at all

Perfectly

The person responsible for data regulation in the UK is the …

Information Commissioner

How well did you know this?

Not at all

Perfectly

Data protection law in the UK uses a (prescriptive / risk based) approach.

risk based

How well did you know this?

Not at all

Perfectly

Information which an individual has published about themselves, for example a professional profile, (is / is not) nevertheless covered by data protection legislation.

How well did you know this?

Not at all

Perfectly

Any data breach must be reported to the information commissioner within …

72 hours

How well did you know this?

Not at all

Perfectly

Individuals whose data is subject to a breach need only be informed directly if the case is ...

high risk

Data protection principles: LFAT* (G, C, OAH), PL (S, E, L), DM (A, R, NE), A (C), SL (RP), I (CAS)

lawfullness, fairness and transparency

Data protection principles: LFAT (G*, C, OAH), PL (S, E, L), DM (A, R, NE), A (C), SL (RP), I (CAS)

grounds for holding the data

Data protection principles: LFAT (G, C*, OAH), PL (S, E, L), DM (A, R, NE), A (C), SL (RP), I (CAS)

clarity in how the data is used

Data protection principles: LFAT (G, C, OAH*), PL (S, E, L), DM (A, R, NE), A (C), SL (RP), I (CAS)

openness and honesty in how the data is used from the start

Data protection principles: LFAT (G, C, OAH), PL* (S, E, L, CfNP), DM (A, R, NE), A (C), SL (RP), I (CAS)

purpose limitation

Data protection principles: LFAT (G, C, OAH), PL (S, E, L)*, DM (A, R, NE), A (C), SL (RP), I (CAS)

the purpose for recording the data must be specified, explicit and legitimate

Data protection principles: LFAT (G, C, OAH), PL (S, E, L), DM* (A, R, NE), A (C), SL (RP), I (CAS)

data minimisation

Data protection principles: LFAT (G, C, OAH), PL (S, E, L), DM (A*, R, NE), A (C), SL (RP), I (CAS)

adequate - sufficient to fulfil the purpose and no more

Data protection principles: LFAT (G, C, OAH), PL (S, E, L), DM (A, R*, NE), A (C), SL (RP), I (CAS)

relevant - linked rationally to the purpose

Data protection principles: LFAT (G, C, OAH), PL (S, E, L), DM (A, R, NE*), A (C), SL (RP), I (CAS)

not excessive - limited to what is necessary to fulfil the purpose

Data protection principles: LFAT (G, C, OAH), PL (S, E, L), DM (A, R, NE), A* (C), SL (RP), I (CAS)

accuracy - reasonable steps must be taken to ensure the data is not incorrect or misleading

Data protection principles: LFAT (G, C, OAH), PL (S, E, L), DM (A, R, NE), A (C*), SL (RP), I (CAS)

correction of data which is found to be inaccurate or misleading

Data protection principles: LFAT (G, C, OAH), PL (S, E, L), DM (A, R, NE), A (C), SL* (RP), I (CAS)

storage limitation - data should not be kept for longer than is necessary for the purpose for which it was collected

Data protection principles: LFAT (G, C, OAH), PL (S, E, L), DM (A, R, NE), A (C), SL (RP*), I (CAS)

retention policy - data which is no longer needed should be destroyed or anonymised

Data protection principles: LFAT (G, C, OAH), PL (S, E, L), DM (A, R, NE), A (C), SL (RP), I* (CAS)

integrity - data processing must take appropriate security measures as regards risks that might arise

Data protection principles: LFAT (G, C, OAH), PL (S, E, L), DM (A, R, NE), A (C), SL (RP), I (CAS*)

confidentiality and security

Data protection principles: LFAT (G, C, OAH), PL (S, E, L, CfNP*), DM (A, R, NE), A (C), SL (RP), I (CAS)

consent - if the data is used for a new purpose

A business must have a valid '...' in order to process personal data.

lawful basis

Most lawful bases require that processing is ‘...’ for a specific purpose. If you can reasonably achieve the same purpose without the processing, you won’t have a lawful basis.

necessary

Most lawful bases require that processing is ‘necessary’ for a SP*. If you can reasonably achieve the same purpose without the processing, you won’t have a lawful basis.

specific purpose

If a buisiness intends to process data, it must determine its ... before it begins processing, and should document it.

lawful basis

If a buisiness intends to process data, it must determine its lawful basis before it begins processing, and should ...

document it

Lawful bases for data processing: C* (E and for a SP), C, LO, VI (PoL), PT, LI

consent

Lawful bases for data processing: C (E and for a SP)*, C, LO, VI (PoL), PT, LI

explicit and for a specific purpose

Lawful bases for data processing: C (E and for a SP), C*, LO, VI (PoL), PT, LI

contract, including pre-contractual negotiations

Lawful bases for data processing: C (E and for a SP), C, LO*, VI (PoL), PT, LI

legal obligation

Lawful bases for data processing: C (E and for a SP), C, LO, VI* (PoL), PT, LI

vital interest

Lawful bases for data processing: C (E and for a SP), C, LO, VI (PoL*), PT, LI

protection of life

Lawful bases for data processing: C (E and for a SP), C, LO, VI (PoL), PT*, LI

public task

Lawful bases for data processing: C (E and for a SP), C, LO, VI (PoL), PT, LI*

legitimate interest

Rights under the GDPR: TBI*, A, R, E, RP, DP, O, ADM and P

to be informed

Rights under the GDPR: TBI, A*, R, E, RP, DP, O, ADM and P

access

Rights under the GDPR: TBI, A, R*, E, RP, DP, O, ADM and P

rectification

Rights under the GDPR: TBI, A, R, E*, RP, DP, O, ADM and P

erasure

Rights under the GDPR: TBI, A, R, E, RP*, DP, O, ADM and P

restrict processing

Rights under the GDPR: TBI, A, R, E, RP, DP*, O, ADM and P

data portability

Rights under the GDPR: TBI, A, R, E, RP, DP, O*, ADM and P

to object

Rights under the GDPR: TBI, A, R, E, RP, DP, O, ADM and P*

automated decision making and profliing

An individual excercising their right to access and receive a copy of their personal data and other supplementary information is commonly referred to as a ... or ‘SAR’.

subject access request

Exemptions from GDPR must be determined on a ... basis.

case by case

Exceptions from GDPR: DP*, LE, IS

domestic purposes

Exceptions from GDPR: DP, LE*, IS

law enforcement

Exceptions from GDPR: DP, LE, IS*

intelligence services

Grounds for exemption from GDPR: C/L/PP*, R/P/J, J/R/A, H/SW/E/CA, F/M/N, R/E, IAOP, NS/D

Crime, law and public protection.

Grounds for exemption from GDPR: C/L/PP, R/P/J*, J/R/A, H/SW/E/CA, F/M/N, R/E, IAOP, NS/D

Regulation, parliament and the judiciary.

Grounds for exemption from GDPR: C/L/PP, R/P/J, J/R/A*, H/SW/E/CA, F/M/N, R/E, IAOP, NS/D

Journalism, research and archiving.

Grounds for exemption from GDPR: C/L/PP, R/P/J, J/R/A, H/SW/E/CA*, F/M/N, R/E, IAOP, NS/D

Health, social work, education and child abuse.

Grounds for exemption from GDPR: C/L/PP, R/P/J, J/R/A, H/SW/E/CA, F/M/N*, R/E, IAOP, NS/D

Finance, management and negotiations.

Grounds for exemption from GDPR: C/L/PP, R/P/J, J/R/A, H/SW/E/CA, F/M/N, R/E*, IAOP, NS/D

References and exams.

Grounds for exemption from GDPR: C/L/PP, R/P/J, J/R/A, H/SW/E/CA, F/M/N, R/E, IAOP*, NS/D

Information about other people.

Grounds for exemption from GDPR: C/L/PP, R/P/J, J/R/A, H/SW/E/CA, F/M/N, R/E, IAOP, NS/D*

National security and defence.

11. Data protection. Flashcards

(76 cards)