AH Data Protection Policy

Question 1

What is the statutory deadline for processing subject access requests?

Answer 1

One month

Question 2

Who enforces compliance with the data protection rules in the UK?

Answer 2

Information Commissioner

Question 3

What is the first of seven Data Protection principles?

Answer 3

Lawfulness

Question 4

What is the second of seven Data Protection principles?

Answer 4

Restriction of purpose

Question 5

What is the third of seven Data Protection principles?

Answer 5

Data minimisation

Question 6

What is the fourth of seven Data Protection principles?

Answer 6

Accuracy

Question 7

What is the fifth of seven Data Protection principles?

Answer 7

Storage

Question 8

What is the sixth of seven Data Protection principles?

Answer 8

Security

Question 9

What is the last of seven Data Protection principles?

Answer 9

Accountability

Question 10

Is Credibility a data protection principle?

Answer 10

No

Question 11

“Customer data should be processed lawfully, fairly and in a transparent way” does this link to a Data Protection Principle?

Answer 11

Yes (Lawfulness)

Question 12

What do you require before processing personal data when there is no contractual or legitimate interest?

Answer 12

Explicit consent from the customer.

Question 13

How long is staff personal data retained for once the employee leaves AH?

Answer 13

10 years.

Question 14

Info which can be used to identify (directly or indirectly) an individual is a definition of what?

Answer 14

Personal data

Question 15

What is classified under special category for personal data?

Answer 15

Race or ethnic origin.
Political, religious or philosophical beliefs.
Trade union membership.
Genetic info.
Biometic data.
Data concerning health and sickness records.
Data concerning a person’s sex life or orientation.
Data about convictions and offences.

Question 16

Which data protection principle is being described “personal data should be adequate, relevant to the purposed we have told you/the data subjected about and limited only to those purposes?

Answer 16

Data minimisation

Question 17

At AHA who is the Data Controller?

Answer 17

AHA.

Question 18

You have made a recommendation and application submitted to a lender or insurer, how long must data be kepy for?

Answer 18

Indefinitely, subject to a minimum of 75 years.

Question 19

Employees report any data protection issues or concerns to?

Answer 19

Senior Management

Question 20

Is it true that the board and senior management team have overall responsibility for ensuring compliance with deta protection?

Answer 20

Yes

Question 21

Data Protection Legislation means…

Answer 21

Data Protection Act 2018 & General Data Protection Regulation EU 2016

Question 22

Who has overall responsibility for ensuring compliance with Data Protection?

Answer 22

The board and senior management team

Question 23

Who are the first points of contact after imediate managers for employees with concerns on Data Protection?

Answer 23

The Compliance Support Team and Risk, Compliance and Tech Director (DLS)

Question 24

What is the first of three aims of the date protection policy?

Answer 24

Ensure compliance with all applicable data protection legislation

Question 25

What is the second of three aims of the date protection policy?

Answer 25

Protect AHA’s employees and data subjects from the risks associated with breaching this Data Protection Legislation.

Question 26

What is the last of three aims of the date protection policy?

Answer 26

Safeguard AHA’s name and reputation from damage caused by the risks of unlawful processing and data breaches.

Question 27

Does AH provide customers with the opportunity

to opt-out by including a link at the bottom of each marketing email?

Answer 27

Yes

Question 28

What is the email they can contact to opt out of marketing?

Answer 28

DPAConsents@alexanderhall.co.uk

Question 29

Can clients opt out of marketing verbally?

Answer 29

Yes