Data management

Question 1

What is GDPR?

Answer 1

1. The GDPR is the new EU regulation covering protection of people’s personal data.
2. Came into force May 2018 - replaced the DPA 1998
3. Its designed to protect data in an era of mass digital data use.
4. Empowers individuals to take control of how their date is used by third parties
5. The GDPR is in force across the EU and supersedes data protection laws.
6. It applies alongside member state laws such as the data protection act 2018 (whihc is the UKs implementation of GDPR)

Question 2

What are the aims and benefits of GDPR?

Answer 2

Put simply, GDPR was designed to give the public more say over which organisations have access to their data and what they do with it. GDPR will apply to personal data. GDPR was aimed at protecting all EU citizens from privacy and data breaches in an increasingly data-driven world that is vastly different from the time in which the 1995 directive was established.

Question 3

What are the key changes (regarding GDPR)?

Answer 3

-Increased Territorial Scope (extra-territorial applicability)

Increased Penalties -Easier consent to the data provider (easily accessible forms for control of their data)

Question 4

What are the roles in GDPR?

Answer 4

1. -Controllers decides how and why personal date is processed (directly responsoble for GDPR)
2. -Processors are responsible for processing personal data on behalf of a controller.

Question 5

What is meant by Increased Territorial Scope (extra-territorial applicability) regarding GDPR?

Answer 5

GDPR applies to all companies processing the personal data of data subjects residing in the European Union, regardless of the company’s location.

Question 6

What is meant by penalties regarding GDPR?

Answer 6

Organisations in breach of GDPR can be fined up to 4% of annual global turnover or €20 million (whichever is greater). This is the maximum fine that can be imposed for the most serious infringements

Question 7

What is meant by consent regarding GDPR?

Answer 7

Companies will no longer be able to use long illegible terms and conditions full of legalese, as the request for consent must be given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent (EUGDPR.ORG Portal, 2018).

Question 8

How would you treat confidential data?

Answer 8

I would make sure to follow my company’s data protection policy. This includes: - Locking my computer when away - Paper free desk and using my locker for confidential information - Use shredder for documents - Ensure to categorize my soft copy documents with the correct coding - eg. public, private and restricted.

Question 9

What is the Data Protection Act?

Answer 9

It gives individuals the right to know what information is held about them and provides a framework to ensure that it’s handled properly.

Question 10

What challenges does the Data Protection Act pose?

Answer 10

The main challenge is posed by multiple users of the system saving files in incorrect folders so that retrieval of information can be time consuming. There are also risks of careless revisions of documents or accidental deletion - although our server is backed up twice daily so any losses in this respect are mitigated.

Question 11

How do you determine if a document is public, private or restricted?

Answer 11

There is a matrix based on the reputation impact, financial impact and legal impact.

Question 12

How is the GDPR relevant in your day to day work?

Answer 12

• I manage high amounts of sensitive data and this needs to be done in line with the data protection act and GDPR. -

Question 13

How is the GDPR relevant to the construction industry?

Answer 13

Companies should employ a data protection officer, make sure they comply with all the data protection policy and be clear and transparent when talking about data.

Question 14

What is the freedom of information act 2000?

Answer 14

The Freedom of Information Act 2000 (FOIA) is a UK Act of Parliament that creates a public ‘right of access’ to information held by public authorities. There are two ways in which this is provided: Public authorities are obliged to publish certain relevant information. Members of the public are entitled to request information from public authorities.

Question 15

Is the data protection act superseded?

Answer 15

No the data protection act was updated in 2018 to act supplementary to the GDPR.

Question 16

What is the Freedom of Information Act 2000?

Answer 16

1. The Act provides individuals or organisations with the right to request information held by a public authority.
2. Information must also be published through the public authority’s publication scheme.
3. Puclic body must tell the individual if they hold it
4. 20 working days to supply it in format requested
5. can charge for providing it

Question 17

How do you ensure that you comply with data protection legislation?

Answer 17

You should consider issues such as only keeping information you really need, making sure people know you’ve got it and why, not passing on personal information, holding information securely, limiting access to information, keeping up to date information and deleting any information you have no more need for.

Question 18

What data do you use in your work and how do you manage this?

Answer 18

Consider any data you collect such as financial figures, valuation figures, contact details, etc. and be able to explain how you ensure this complies with the legislation.

Question 19

What are the 7 principles of GDPR?

Answer 19

1. Lawfulness, fairness and transparency
2. Purpose limitation - must be legitimate
3. Data minimisation - only what is necesary
4. Accuracy - kept up to date where necesary
5. Storage - for no longer than is necessary
6. Security -limitation Integrity and confidentiality protect against unlawful access
7. Accountability - controller is responsible for compliance

Question 20

What types of data is considered under GDPR?

Answer 20

Any personal data including: Name Religion Sexual orientation Trade union membership Physical or mental health Genetic data

Question 21

What must you do if you accidentally breach GDPR and send information to the wrong person?

Answer 21

1. • Report to the ICO (UK regulator) within 72 hours where there is a loss of personal date and a risk of harm to indviduals
2. Report it internally - Let the individual data subjects aware
3. Might recieve a fine (up to 4% of global turnover)

Question 22

Who polices the GDPR?

Answer 22

The ICO information comissioners office

Question 23

What might be the penalty for breaching the GDPR?

Answer 23

Might recieve a fine (up to 4% of global turnover)

Question 24

What are your 8 rights under GDPR?

Answer 24

1. Informed
2. Access
3. Recitifcation
4. erasure
5. restrict processing
6. data portability (for own purposes)
7. To Object
8. Automated decision making (insurance companies)

Question 25

What are the exemptions from the freedom of information act?

Answer 25

1. contrary to GDPR
2. Criminal matter under investigation
3. prejudice an orgnisations commercial interest

Question 26

How can data be kept secure?

Answer 26

1. Firewalls
2. Encryption
3. Anitvirus
4. password protection

Question 27

How does an non disclosure agrement work?

Answer 27

1. It is a contract through which the parties agree not to disclose information covered by the agreement.
2. An NDA creates a confidential relationship between the parties, typically to protect any type of confidential and proprietary information or trade secrets.
3. Drawn up by a solcitor.
4. An NDA is a civil contract, so breaking one isn’t usually a crime, however they face the threat of being sued and could be required to pay financial damages and related costs
5. An NDA cannot stop anybody:
   
   1. ‘whistleblowing’
   2. reporting a crime to the police