AH Data Protection Policy Flashcards

(29 cards)

1
Q

What is the statutory deadline for processing subject access requests?

A

One month

2
Q

Who enforces compliance with the data protection rules in the UK?

A

Information Commissioner

3
Q

What is the first of seven Data Protection principles?

A

Lawfulness

4
Q

What is the second of seven Data Protection principles?

A

Restriction of purpose

5
Q

What is the third of seven Data Protection principles?

A

Data minimisation

6
Q

What is the fourth of seven Data Protection principles?

A

Accuracy

7
Q

What is the fifth of seven Data Protection principles?

A

Storage

8
Q

What is the sixth of seven Data Protection principles?

A

Security

9
Q

What is the last of seven Data Protection principles?

A

Accountability

10
Q

Is Credibility a data protection principle?

A

No

11
Q

“Customer data should be processed lawfully, fairly and in a transparent way”: does this link to a Data Protection Principle?

A

Yes (Lawfulness)

12
Q

What do you require before processing personal data when there is no contractual or legitimate interest?

A

Explicit consent from the customer.

13
Q

How long is staff personal data retained for once the employee leaves AH?

A

10 years.

14
Q

Info which can be used to identify (directly or indirectly) an individual is a definition of what?

A

Personal data

15
Q

What is classified under special category for personal data?

A

Race or ethnic origin.
Political, religious or philosophical beliefs.
Trade union membership.
Genetic info.
Biometric data.
Data concerning health and sickness records.
Data concerning a person’s sex life or orientation.
Data about convictions and offences.

16
Q

Which data protection principle is being described: “personal data should be adequate, relevant to the purposes we have told you/the data subject about and limited only to those purposes”?

A

Data minimisation

17
Q

At AHA who is the Data Controller?

18
Q

You have made a recommendation and an application has been submitted to a lender or insurer. How long must data be kept for?

A

Indefinitely, subject to a minimum of 75 years.

19
Q

Employees report any data protection issues or concerns to?

A

Senior Management

20
Q

Is it true that the board and senior management team have overall responsibility for ensuring compliance with data protection?

21
Q

Data Protection Legislation means…

A

Data Protection Act 2018 & General Data Protection Regulation EU 2016

22
Q

Who has overall responsibility for ensuring compliance with Data Protection?

A

The board and senior management team

23
Q

Who are the first points of contact after immediate managers for employees with concerns on Data Protection?

A

The Compliance Support Team and Risk, Compliance and Tech Director (DLS)

24
Q

What is the first of three aims of the data protection policy?

A

Ensure compliance with all applicable data protection legislation

25
Q

What is the second of three aims of the data protection policy?

A

Protect AHA’s employees and data subjects from the risks associated with breaching this Data Protection Legislation.

26
Q

What is the last of three aims of the data protection policy?

A

Safeguard AHA’s name and reputation from damage caused by the risks of unlawful processing and data breaches.

27
Q

Does AH provide customers with the opportunity to opt out by including a link at the bottom of each marketing email?

A

Yes

28
Q

What is the email they can contact to opt out of marketing?

A

DPAConsents@alexanderhall.co.uk

29
Q

Can clients opt out of marketing verbally?

A

Yes