Data Management Flashcards
(17 cards)
Q. What legislation are you aware of regarding Data Management?
Data Protection Act 2018
Freedom of Information Act 2000
GDPR - 2018 (sits alongside the Data Protection Act)
Q. What is ISO 9001?
Internationally recognised standard for quality management systems, published by the International Organisation for Standardisation.
Provides a framework that organisations can follow to ensure they meet requirements of both customers and regulations
- Customer focus
- Leadership
- Engagement
- Process Approach
Q. What is Information management?
Relates to how information is processed, collected, stored and organised.
Information is the outcome of all the data that is collected and stored.
Q. What quality management systems are you aware of?
ISO 9001 - most widely used globally
AS 9100 – For aerospace and defence sectors
Q. What are the key documents in ISO9001?
Mandatory documents (scope of the quality management system)
Mandatory records (monitoring and measurement results, internal audit results etc.)
Q. What is the Data Protection Act? Where does it cover?
Controls how personal information is used by organisations, businesses or the government.
Obligatory compliance by any party who is using personal data
Q. Can you list the Key Persons outlined in the Data Protection Act?
Data subject – the person whose data it is
Data Controller - Decides how data is collected
Data Processor – Processes data on behalf of the controller
Data Protection Officer – Oversees the data protection strategy
Information Commissioner – issues fines and checks compliance (John Edwards in the UK).
Q. How does a company need to comply with the data protection act?
Only keep information needed
Don’t pass on sensitive personal data
Keep information held secure
Keep information for no longer than necessary
Q. Can you list the 7 Principles outlined under the Data Protection Act?
- Lawfulness, fairness and transparency
- Purpose limitation
- Data Minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality
- Accountability
Q. What Rights (8) are outlined under the Data Protection Act?
Right to be informed
Right to access
Right to rectification
Right to erasure
Right to restrict processing
Right to data portability
Right to object
Rights in Relation to Automated Decision-Making and Profiling
Q. What is the GDPR? Where does it cover?
The General Data Protection Regulation (GDPR) is a comprehensive data privacy law that establishes a framework for the collection, processing, storage, and transfer of personal data.
Gives individuals the right to access and correct their personal data
Incorporated into UK law to sit alongside the Data Protection Act.
Q. What does UK GDPR cover / protect?
The information / data of people in the UK whose information may be used by companies outside of the UK.
Q. What are the penalties for GDPR breach?
Minor infringements – 10 million euros or 2% of turnover (i.e. admin error)
Breach of principles - Major – 20 million euros or 4% of turnover (unlawful processing of data, or failure to protect)
Q. What are the other duties under the GDPR?
Report data breaches to the local authorities within 72 hours
Only obtain personal data with consent and a privacy note to explain.
Q. What is the Freedom of Information Act (2005)?
Provides public right to access information held by local authorities
Q. How long should information be held for?
Minimum requirements by the RICS are that they should be held in line with the liability period (6 years under hand or 12 years as a deed).
Although the best practice would be to hold it in line with the statute of limitations period, which is 15 years.