Data Management

Question 1

Gives me some examples of the principles of data management

Answer 1

• Data policy, broad high level principles forming framework
• Data ownership. Clear identification of data owner
• Appropriate metadata. Data about data
• Data quality. Able to integrate data with other data sets

Question 2

Why does the data protection act 2018 exist?

Answer 2

• Required to protect personal data and privacy of UK citizens. Covers all companies that deal with data of UK citizens.
• Safe guards information ie name, address, financial details, religion etc.
• Data must be collected and used fairly. Only be held and used for the reason given.
• Must be accurate and up to date, not kept for longer than necessary

Question 3

What body is responsible for enforcing GDPR & Data Protection Act?

Answer 3

European commission & information commissioner

Question 4

What does free of information Act enable?

Answer 4

Creates public right of access to information held by public authorities. Enforced by Information commissioners office

Question 5

How do you ensure the data that you hold is kept secure and confidential?

Answer 5

Password protected files, never leave laptop unattended and unlocked. Only use data I need to not expose anything confidential.

Question 6

How do you ensure only necessary people have access to data stored on shared drives?

Answer 6

I set up passwords to access files which are shared with relevant persons. I request IT give permission to only certain people

Question 7

How long do you keep clients data and how do you ensure it is deleted when necessary?

Answer 7

I keep data only as long as needed. I delete anything I do not need. I set reminders at end of projects to review information and whether it can be deleted yet.

Question 8

What was the main change to the GDPR regulations in 2018?

Answer 8

Restrictions on personal data

Question 9

Where would you find out about GDPR updates etc?

Answer 9

Information Commissioners Office (ICO)

Question 10

What is highly protected data under GDPR?

Answer 10

Race, health, sexual orientation, sex, religion, political opinion, genetic data

Question 11

What are the 6 key principles of the DPA and GDPR?

Answer 11

• information used lawfully, fairly and transparently
• collected for legitimate purpose
• adequate and relevant
• accurate
• kept safe
• kept no longer than necessary

Question 12

What are some individual rights under the GDRP and DPA?

Answer 12

• informed
• access
• erasure
• object
• restrict processing

Question 13

Who enforces the Data Protection Act 2018?

Answer 13

Information Commissioners Office

Question 14

What is the link between the DPA and GDPR?

Answer 14

GDPR is European directive, DPA is UK interpretation

Question 15

How does the DPA apply to the way NHBC handle personal data?

Answer 15

7 key principles. We make sure data is secure and safe etc

Question 16

For how long do you keep clients details?

Answer 16

15 years. This is due to the PII, 6 years underhand, 12 years under deed, 3 years for remediation

Question 17

How do you keep project information in your company?

Answer 17

On a shared drive with restricted access

Question 18

What are the fines involved with failure to comply with DPA legislation?

Answer 18

4% of global earnings or £17.5million/ 20 million euros

Question 19

What should you do if you have a data breach?

Answer 19

Notify Information commissioners office and affected party within 72 hours

Question 20

What are the special characteristics of the Data Protection Act 2018?

Answer 20

Sex, religion, political view, trade union, race, genetic data, health data, biometric data, sexual orientation