Level 1 Flashcards
(17 cards)
Can you tell me three principles of UK GDPR?
Lawfulness, fairness and transparency
Purpose limitation
Data minimisation
Accuracy
Storage limitation
Integrity and confidentiality (security)
Accountability
These principles should lie at the heart of your approach to processing personal data.
Can you tell me three principles of Data Protection Act 2018?
The Data Protection Act 2018, which implements the GDPR in the UK, includes these principles:
1. Lawfulness, Fairness and Transparency
2. Purpose Limitation
3. Data Minimisation
What is GDPR?
General Data Protection Regulation. Protects people's personal data and puts an obligation on companies.
How do you comply with UK GDPR and the Data Protection Act 2018 in your role?
🔐 Key Compliance Points:
Know What Personal Data You Collect
– E.g., client names, addresses, photos, contact details.
Have a Lawful Basis for Processing
– Usually contract, legal obligation, or consent.
Be Transparent
– Provide privacy notices explaining how data is used.
Collect Only What’s Necessary
– Avoid excessive or irrelevant data.
Keep Data Secure
– Use passwords, encryption, and secure storage.
Only Keep Data as Long as Needed
– Follow a data retention policy.
Have Policies and Procedures
– For access requests, breaches, and staff training (if applicable).
Register with the ICO
– Required for most data-processing businesses.
Give me an example of how you process and handle confidential information.
-Collect only necessary personal data (e.g. client name, contact info, property address) with a clear explanation of its use.
-Store data securely using password-protected devices and encrypted backups.
-Use data appropriately, such as in survey reports, and avoid including unnecessary personal details.
-Share reports securely, using encrypted email or secure file-sharing platforms.
-Retain data only as long as needed (e.g. 6 years), then dispose of it securely.
-Respect client rights, including access to their data upon request.
What is the Council’s reporting procedure for a data breach?
Report to a manager and inform the Information Commissioner's Office (ICO) within 72 hours.
Give me an example of how you ensure that data is kept securely.
To keep data secure, we use strict access controls, encrypt data in transit and at rest, monitor and audit data access, minimise data collection, maintain regular backups, and comply with relevant regulations like GDPR.
What do the Privacy and Electronic Communications Regulations 2003 apply to?
These regulations sit alongside the UK GDPR and the Data Protection Act, focusing specifically on privacy in electronic communications.
What is the Freedom of Information Act 2000?
Gives the public the right to access information held by public authorities. It promotes transparency and accountability in government. Under the Act, anyone can:
-Request information from public bodies (e.g. local councils, NHS, police, schools, government departments).
-Receive a response within 20 working days.
-Ask for any recorded information, such as emails, reports, meeting minutes, or policies.
Can you tell me about the retention of files and the Limitation Act 1980?
The Limitation Act 1980 sets the time limits within which legal claims can be brought. Organisations often base their document retention policies on these time limits to ensure that:
-They keep records long enough to defend themselves legally if needed.
-They don’t keep data longer than necessary, helping with compliance under data protection laws like GDPR.
What is BIM and how can it be used?
BIM (Building Information Modelling) in data management is the use of digital models to centralise, organise, and manage project data throughout a building's lifecycle, ensuring accuracy, collaboration, and efficiency.
What is ISO 9001?
ISO 9001 is an international standard for Quality Management Systems (QMS), ensuring organisations meet customer requirements and improve satisfaction.
What are the requirements of ISO 9001?
Key Requirements in Practice:
-Customer Focus: Ensure the organization meets customer needs.
-Documentation: Maintain proper records and documents for quality assurance.
-Process Approach: Understand and manage processes to improve performance.
-Risk Management: Identify and address risks that could affect quality.
In essence, ISO 9001 requires organizations to establish a systematic approach to managing quality, continuously improve processes, and ensure that customer satisfaction remains a priority.
What does ISO 27001 relate to?
ISO 27001 is an international information security standard that sets out the requirements for how a company should implement an information security management system (ISMS).
What is an Electronic Document Management System (EDMS)?
A software solution used to digitally capture, store, manage, and track documents and other content in an electronic format. It replaces traditional paper-based systems, making it easier for organisations to organise, retrieve, and share documents. Example:
SharePoint (Microsoft)
Use Case: A powerful platform for document management and collaboration.
Key Features: File sharing, version control, document approval workflows, integration with Microsoft Office, and robust access control.
Ideal For: Large enterprises or teams already using Microsoft tools, seeking integration with other Microsoft products.
What do you understand by the Civil Evidence Act 1995?
The Civil Evidence Act 1995 made significant changes to the handling of evidence in civil cases, especially concerning the admissibility of hearsay and the use of documents and witness statements. It aims to make the civil litigation process more efficient while maintaining fairness and transparency.
What is data redundancy?
Data redundancy is the unnecessary duplication of data in a system. While it can be intentional for backup or reliability (e.g., in RAID or backups), it often leads to inefficiencies, increased storage costs, and potential data inconsistencies.