Week 8 - Laws on Data Protection & Business through Internet Flashcards
What is a ‘Data Subject’?
Any living individual who is the subject of personal data held by an organisation.
What is a ‘Data Controller’?
The natural or legal person, public authority, agency or other body which, alone or jointly with others. determines the purposes and means of the processing of personal data.
What is ‘Data Processing’?
It means any operation or set of operations, which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation, or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
What is ‘Personal Data’?
It means any information relating to an identified or identifiable natural person.
What is a ‘natural’ person?
A human being who is alive.
What is an ‘identifiable natural’ person?
One who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
What are the seven principles of data protection?
- Lawfulness, Fairness & Transparency
- Purpose
- Data Minimisation
- Accuracy
- Storage
- Security
- Accountability
What does ‘Lawfulness, Fairness & Transparency’ entail?
- Organisations and controllers to be 100% transparent while seeking the individuals data collection, processing and protection.
- They must deliver the data collection purposes in clear and plain language to address the data subjects’ consent and individual rights on personal data collection.
What does ‘Purpose’ entail?
- Personal data must be used for the specific purpose the data subjects have given consent.
- The controller cannot use the data for processing outside the mentioned purpose.
What does ‘Data Minimisation’ entail?
The DPA 2018 conditions collect the necessary, relevant and not excessive amount of personal data for processing. The controller must not collect more data than they need.
What does ‘Accuracy’ entail?
The controllers must verify that the data they process and collect is accurate and not misleading, incomplete or incorrect.
What does ‘Storage’ entail?
The controllers should not keep personal data more than required. They must notify the data subjects on how long they will hold their data.
What does ‘Security’ entail?
DPA 2018 ordered the organisations and controllers to have security controls and measures to protect the confidentiality or integrity of stored and processed personal data so nobody can alter or steal the data subjects’ information.
What does ‘Accountability’ entail?
- This principle is relatively new in contrast with DPA 1998.
- With this newly added principle in DPA 2018, every organisation that stores or processes personal data must comply with regulatory obligations.
What is the ‘Datas Protection Act 2018’?
- A UK law that complements the UK GDPR.
- The DPA 2018 mostly refers you back to the UK GDPR but includes UK specific details for a few things such as; how to process criminal conviction data,
