Data Management Flashcards

1
Q

What are the main acts relating to Data Protection?

A

Data Protection Act 2018 and the UK General Data Protection Regulations 2017

2
Q

What does the Data Protection Act 2018 do?

A

Creates a single data protection regime which gives individuals powers to control how third parties use their data

3
Q

What are the 8 rights under the DPA?

A
  1. Right to be informed
  2. Right to erasure
  3. Right to rectification
  4. Right to data portability
  5. Right to not be subject to automated decision making
  6. Right to access
  7. Right to restrict processing
  8. Right to object to having data collected
4
Q

What is Article 5 of the GDPR?

A

Sets out the main principles of the GDPR

5
Q

What are the principles of Article 5?

A
  1. LAWFUL - Data must be processed lawfully, fairly, transparently
  2. LEGITIMATE AND EXPLICIT - Collected for specific legitimate and explicit purposes and not processed further in a manner not compatible with those purposes
  3. LIMITED TO WHAT IS NECESSARY - Adequate, relevant and limited to only what is necessary
  4. ACCURATE - Accurate and kept up to date via rectification or erasure
  5. KEPT FOR ONLY AS LONG AS NECESSARY - Kept in a form which permits identification of individuals for only as long as is necessary for purposes outlined
  6. KEPT SECURE - Processed in a manner that ensures security using appropriate measures,
6
Q

What are the key points of the Data Protection Act 2018?

A
  1. RISK ASSESSMENTS - Conduct Data Protection Impact Assessments for high-risk holding of data
  2. RIGHTS - Grants 8 rights
  3. DATA CONTROLLER - Firms need to appoint a data controller who decides how and why personal data is used and is directly responsible
  4. COMPLIANCE - Must prove compliance to the ICO
7
Q

What are the timeframes involved if there is a breach?

A

Must report to the ICO within 72 hours. Must report to the client ASAP.

8
Q

What are the fines involved with not complying with GDPR?

A

4% of global turnover or £17.5 million, whichever is higher

9
Q

Explain to me your freedom of information request situation?

A

Working for a private client, so it wasn’t technically a Freedom of Information request because it wasn’t a public body. The phrase that was used.
Under the Data Protection Act, I understand that you must respond within one calendar month (with the possibility to extend for 2 months if the request is complex).
For freedom of information requests under the Freedom of Information Act 2000, public bodies must respond within 20 working days.
My firm aimed to respond within the 20 working days, although they didn’t need to in this case and could have taken a calendar month.

10
Q

When can you turn down a freedom of information request?

A

When it is contrary to GDPR or it would prejudice criminal matters or a person's/company's commercial interest.

11
Q

What are some types of security to protect data?

A
  1. Disk encryption
  2. Offsite backups
  3. Password protection
  4. Antivirus software
  5. VPNs
  6. firewalls
  7. Disaster recovery
  8. Multifactor authentication
  9. Cloud storage