Data Management

Question 1

What legislation governs data management?

Answer 1

Data Protection Act 2018

Question 2

What are the 2 types of data?

Answer 2

Sensitive and personal

Question 3

What are the 7 key principles of data management

Answer 3

1. Lawfulness and transparency
2. Accuracy
3. Purpose limitation
4. Accountability
5. Integrity and confidentiality
6. Data minimisation
7. Storage limitation

Question 4

What is GDPR?

Answer 4

General Data Protection Regulation
Governs how the personal data of individuals may be processed and transferred

Question 5

Does GDPR still apply to the UK?

Answer 5

It is retained in our domestic law as the UK GDPR, but the UK has the independence to keep the framework under review.
The UK GDPR sits alongside an amended version of the DPA 2018

Question 6

What does ISO 9001 govern?

Answer 6

International Standard for Quality Management Accreditation
FYI – helps organisations improve their processes and systems to meet customer needs and deliver high-quality products and services.

Question 7

What does ISO14001 govern?

Answer 7

International standard for Environmental Management Accreditation
FYI – provides a framework for businesses to identify, monitor, and minimize their environmental impact by managing aspects like waste, resource usage, and compliance with relevant environmental laws

Question 8

What does ISO27001 govern?

Answer 8

International Standard for Data Security Accreditation

FYI - governs how organizations manage the security of their information. It’s designed to help organizations protect financial information, intellectual property, employee details, and other assets

Question 9

What do you do if there is a data breach?

Answer 9

Inform the data controller immediately on how the leak happened and what was shared

Question 10

Who are the people involved in managing data?

Answer 10

1. Data protection officer
   Responsible for ensuring compliance
2. Data Controller
   Determines purposes and meaning of possessing data
3. Data processor
   Responsible for processing data on behalf of controller

Question 11

What happens if DPA is breached?

Answer 11

Greatest of fine up to of £17.5mil or 4% of annual turnover

Question 12

You sent an email by mistake to a friend, which included confidential client information and contact details. What do you do?

Answer 12

Inform the data controller immediately of the possible breach and the data shared

Question 13

Practical steps to limit data breaches

Answer 13

1. Password protected spreadsheets
2. PDFs through mimecast, these require a 1 time password
3. Timers on emails so that you have the opportunity to review you emails being sent

Question 14

When do you need to have a Data Protection Officer?

Answer 14

When the firm has over 250 employees