The Legal Framework

Question 1

5 legal frameworks in which organisations operate derive from

Answer 1

• Parliamentary legislation
• Government regulation
• Treaty obligations
• International bodies
• Official regulations

Question 2

Data subject

Answer 2

A person who can be identified, directly or indirectly, from data held

Question 3

7 Data Protection Principle

Answer 3

1) Lawfulness, fairness & transparency –> only be held if there are valid grounds to do so

2) Purpose limitations

3) Data minimisation –> adequate, relevant & not excessive

4) Accuracy –> not misleading, no inaccuracies

5) Storage limitations –> not held longer than needed , data not needed must be deleted/anonymised

6) Integrity & confidentiality

7) Accountability –> appropriate measures & records in place to be able to demonstrate compliance

Question 4

8 Rights of data subjects

Answer 4

1) To be informed
2) Access – no charge
3) Rectification – request inaccurate/misleading info to be rectified
4) Erasure – right to be forgotten
5) Restrict processing – can still be held, but not processed
6) Data portability – reuse in a different service
7) To object – direct marketing
8) Automated decision making & profiling – where data evaluation about them is automated