Legislation
Personal and Sensitive Data
Principles of GDPR
Individual Rights of GDPR
Key Terms
100

What does GDPR stand for?

General Data Protection Regulation

100

What is personal data?

Any information that can directly or indirectly identify an individual

100

What principle with the initials DM ensures that only necessary data is collected?

Data Minimisation

100

What can individuals request under the right to rectification?

Corrections to inaccurate or incomplete data.

100

What is a data subject?

An individual whose personal data is collected, processed, or stored by an organisation under GDPR.

200

When did GDPR come into effect?

GDPR - 2018
UK GDPR - 2021

200

Give an example of personal data.

Names, email addresses, phone numbers, IP addresses, etc.

200

What principle with the initials SL requires data to be kept no longer than necessary?

Storage Limitation

200

Individuals can request access to their information under the Right to Access. In relation to this, what does DSAR stand for?

Data Subject Access Request

200

What is a Data Processor?

The entity that processes data on behalf of the Data Controller.

300

The UK's Data Protection Act was originally implemented in 1998, and refreshed in what year?

2018

300

What is sensitive data? Give 2 examples.

Special categories of personal data that require extra protection - Data related to racial or ethnic origin, political opinions, religious belief, etc.

300

What does the principle with the initials L, F and T stand for?

Lawfulness, Fairness, and Transparency

300

What is the right to erasure also known as?

The right to be forgotten.

300

What is a Data Controller?

The entity that determines the purposes and means of processing personal data.

400

What is the maximum fine for non-compliance with UK GDPR?

£17.5 million or 4% of annual worldwide turnover, whichever is higher

400

Why does sensitive data require extra protection?

Because it is more likely to cause harm or discrimination if mishandled.

400

Explain the principle of Purpose Limitation.

Data should be collected for specific, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.

400

How does the right to data portability benefit individuals?

It allows individuals to move, copy, or transfer their data from one organisation to another.

400

What is the role of a Data Protection Officer (DPO)?

To oversee data protection strategy and implementation to ensure compliance with GDPR requirements.

500

The organisation that oversees compliance with legislation/regulations around data protection is the ICO. What does this stand for?

Information Commissioner's Office

500

Describe the conditions under which sensitive data can be processed.

Sensitive data can be processed only if there is explicit consent, it is necessary for carrying out obligations in the field of employment, health, etc., or if it is for public interest, among other specific conditions.

500

How many principles are there?

6 - Lawfulness, fairness and transparency / Purpose limitation / Data minimisation / Accuracy / Storage limitation / Integrity and confidentiality


500

What does FOI stand for and how long does an organisation have to respond to one?

Freedom of Information - 20 working days

500

In relation to GDPR, what does DPIA stand for and what is it?

Data Protection Impact Assessment - a process to identify and mitigate potential risks to individuals' data privacy in data processing activities