Data Management Flashcards
What are 8 Individual Rights under UK GDPR?
- Right to be informed
- Right to access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object
- Rights to automated decision making and profiling
How is data managed and protected by your firm?
Answer
- SharePoint acts as our secure document storage system
- Documents are backed up on our XDrive
- Confidential documents are stored securely
-Formatting is standardised across all documentation
What is GDPR?
General Data Protection Regulations.
The EU’s GDPR no longer applies in the UK.
The UK’s GDPR is supplemented by the Data Protection Act 2018 - replacing the Data Protection Act 1998.
What are the main principles of collecting personal data outlined in UK GDPR?
Answer:
1. lawfulness, fairness and transparency
2. Purpose limitation - what data is used for
3. Data minimisation -
4. Accuracy and kept up to date
5. Storage limitation - kept in form which permits identification of data subjects
6. Integrity and confidentiality
7. Accountability
What things must a company do to ensure GDPR compliance?
Answer:
- Raise awareness across business
- Audit all personal data
- Update privacy notice
- Review procedures supporting individuals rights
- Review how you seek, obtain and record consent
How can you make sure data storage is secure?
Answer:
- Disk encryption - secure hard disk drive
- Regular backups off site
- Password protection and use on anti-virus services
- Firewalls and disaster recovery procedures
How do ensure data sources are reliable?
Answer:
- I should reverify data against an alternative source through ‘triangulation’
What is the ICO in GDPR?
The Information Commissioner’s Office (ICO) is the UK’s independent body set up to uphold information rights, covering laws including the Data Protection Act 2018, Freedom of Information and Privacy and Electronic Communications Regulations
The difference between Data processor and Data controller?
The UK GDPR defines a processor as: ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. Processors act on behalf of the relevant controller and under their authority
What is a data controller for GDPR?
The data controller determines the purposes for which and the means by which personal data is processed. So, if your company/organisation decides ‘why’ and ‘how’ the personal data should be processed it is the data controller.
What personal data do you come into contact with?
For Inspections during lease extension purposes I come into contact with leaseholders mobile phone numbers and emails - I am always sure to delete any reference to leaseholders contact details following my inspections.
Under GDPR, if there was a data breach what would happen next and what would be your role?
- Work with my head operations in my company and determine if the breach has to be reported to the ICO
- By Law you have to report the personal breach to the ICO without undue delay and within 72 hours
- In your log, write down facts of what has happened
- Try and contain the breach
- Assess risk for customers
- Act to protect those affected
- Submit report
What happens if you breach data protection UK?
The UK GDPR and DPA 2018 set a maximum fine of £17.5 million or 4% of annual company turnover – whichever is greater – for infringements
What does the Freedom of Information Act 2000 do?
Gives individuals the right of access to information held by public bodies:
- Public body has to confirm they have information requested
- 20 days to supply information
- Public body can charge for provision of
What is a non-disclosure agreement?
An NDA creates the legal framework to protect information from being stolen or shared with competitors or third parties.
What happens if a non-disclosure agreement is broken?
Violating an NDA leaves you open to lawsuits from your employer/client, and you could be required to pay financial damages and possibly associated legal costs
