Week 10 Flashcards

(12 cards)

1
Q

What law governs data protection in the UK after Brexit?

A

UK GDPR and Data Protection Act (DPA) 2018.

2
Q

Who is a Data Controller?

A

The person or organization that decides how and why personal data is used.

3
Q

Who is a Data Processor?

A

A person or company that processes data on behalf of the controller.

4
Q

Name the 7 principles of UK GDPR (Article 5).

A

Lawfulness, fairness, transparency
Purpose limitation
Data minimisation
Accuracy
Storage limitation
Integrity and confidentiality
Accountability

5
Q

What are the 6 lawful bases for processing personal data (Article 6)?

A

Consent
Contract
Legal obligation
Vital interests
Public task
Legitimate interests

6
Q

What is Special Category Data?

A

Sensitive data like health, race, religion, sexual orientation — needs stronger protection.

7
Q

Name five rights of a data subject under UK GDPR.

A

Any of:

  1. Right to be informed – Know how their data is used.
  2. Right of access – See their data.
  3. Right to rectification – Fix incorrect data.
  4. Right to erasure – “Right to be forgotten.”
  5. Right to restrict processing – Limit how it’s used.
  6. Right to data portability – Transfer data to another service.
  7. Right to object – Say no to data use in some cases.
  8. Rights in automated decision-making – Protection from decisions made solely by computers.
8
Q

What is a Data Protection Impact Assessment (DPIA)?

A

A process to identify and reduce data protection risks in new projects.

9
Q

When is a DPIA required?

A

You need a DPIA when your project might put people’s privacy at high risk. This includes:

When using new tech
Tracking people
Watching people regularly
Handling sensitive data on a large scale e.g. health

10
Q

What are the key steps in a DPIA?

A

Describe the processing
Assess the necessity and proportionality
Identify and assess risks
Define ways to reduce those risks

11
Q

Why is DPIA important?

A

It helps organizations comply with the law, protect people’s privacy, and avoid fines.

12
Q

What can happen if a company doesn’t comply with GDPR?

A

Heavy fines (up to £17.5 million or 4% of global turnover), legal action, reputational damage.
