What does GDPR stand for?
General Data Protection Regulations
How many principles are there in GDPR?
6 Principles
How long following a Data Breach do we have to inform the ICO?
72 Hours
Who is the ICO?
Information Commissioner's Office
What should I do if I know I've breached Client's Data?
Tell your DPO, ensure Compliance know as they need to report within 72 hrs.
If you don't, you've breached our Data Policy and could be subject to disciplinary
The date that GDPR comes into force
25th May 2018
What Article number are the Principles contained in?
Article 5
When we print a duplicate document letter off the printer - where should we put the copy not being sent or placed on file?
Always the shredder.....never the bin
What's the maximum fine that can be made for Data breaches?
Up to 2% of their annual worldwide revenue, or €10 million, whichever is higher.
For more serious breaches it's 4% or 20m Euro
Can I work on the bus or train on the way to work?
Yeah, but you must be sure that it's safe to do so and that client's data is fully safeguarded.
What type of Data is a date of birth... personal or sensitive?
Personal
Does Google comply with GDPR?
Is internal communication covered under GDPR?
Yeah......if it can identify the client. (ps. Could be their ref...not necessarily their name that identifies them)
Do you have to tell your client where you are sending their data if you outsource to India for data cleaning?
Yep!
Which is a better way to keep your client's data private?
Use an anonymous reference number and keep that reference number in a separate file OR
Use a code name that ONLY you understand
Anonymous reference number
What's a SAR?
Subject Access Request
Does the US have to comply with GDPR rules?
Yep! All EU citizens are protected. Doesn't matter what soil they're on.
You should only lock your screen when you go away from your desk for more than 30 mins?
No, in theory it's every time you are away from your desk.
Double, double toil and trouble, fire burn and cauldron bubble
The person/organization responsible for the purpose and manner in which the data is processed. They also have responsibility for looking after the Data.
They are defined as the .....?
Data Controller
Under GDPR, when we use a lawyer...are they a Data Controller or Processor?
Data Controller
GDPR is...
Consumer or Business Centric?
Consumer centric
Can you leave detailed messages on a Customer's voicemail?
No...as you don't know who's going to pick the message up!
Should Client's data always be up to date on our systems?
Yes....it's one of the 6 Principles.
A person (other than an employee of the data controller) who processes the data on behalf of the data controller.
Data Processor