Data Management Flashcards
(39 cards)
How can data be kept secure?
Regularly changing passwords
Firewalls
Encryption
Virus protection
Two-step verification
Backing up data
What are the benefits of cloud based storage?
Securely backed up
Accessibility can be managed
Cheaper than physical storage
Easier to collaborate on documents
What is an NDA?
An NDA is an agreement that prevents the disclosure of confidential data.
When may an NDA be used?
If confidential, sensitive or intellectual property information is involved. Can be used to prevent competitors from accessing it.
What is Intellectual Property?
It refers to creations of the mind and is protected in law to enable creators to earn recognition and financial rewards
What is Copyright?
The right a creator has over their work.
Automatically given to creators and prevents others from copying, sharing or distributing their work without permission
What is a Trademark?
A sign that distinguishes one brand from another.
Must be registered for a fee.
Prevents others from using the brand without permission
Allows creator to sell and license their brand and use trademark symbol
What is a Patent?
An exclusive right for an invention
Complicated application process that incurs a fee
Can only be used for something new, inventive and a physical product or technical method/process
What types of data does your organisation handle?
Personal data of employees and customers
Property information
Sensitive and confidential emails/files
Contractual information of companies
Which public authority upholds the information rights in the UK?
The Information Commissioner's Office (ICO)
What is the UK’s implementation of the GDPR?
The Data Protection Act 2018
What does GDPR stand for?
General Data Protection Act
Who does the GDPR apply to?
Data controllers and processors
What is a Data Controller?
The entity that determines the purpose and meaning of processing personal data
What is a Data Processor?
The entity that processes the data on behalf of the controller
What is personal data?
Information that can be used to directly or indirectly identify the person, or data subject, to whom the information relates
What is a Data Protection Officer (DPO)?
Inform and advise the controllers and processors of their obligation
Monitor the controllers and processors
Advise on Data Protection Impact Assessments (DPIA)
Act as a contact point between data subjects and ICO, where necessary
When is a DPO required?
Under Article 37:
Public bodies
Organisations handling certain types of data
Organisations handling large amounts of data
What are the principles of GDPR?
Article 5:
Lawfulness, fairness, transparency
Purpose limitation
Data minimisation
Accuracy
Storage limitation
Integrity and confidentiality
Accountability
What rights do the GDPR provide?
Articles 15-22:
Right to be informed
Right of access
Right to rectification
Right to erasure
Right to restrict processing
Right to data portability
Right to object
Rights relating to automated decision making & profiling
What are the lawful bases for processing personal data?
Article 6:
Consent
Contract
Legal obligation
Vital interests
Public task
Legitimate interests
What is the time limit for reporting GDPR data breaches?
72 hours
What is the standard maximum for a GDPR breach fine?
Higher of 2% worldwide annual turnover or £8.7m
What is the higher maximum for a GDPR breach fine?
Higher of 4% worldwide annual turnover or £17.5m