08 Data Management

Question 1

What is the Data Protection Act 2018?

Answer 1

It’s the UK’s implementation of the General Data Protection Regulation 2016 (GDPR)
It controls how your personal information is used by organisations, businesses or the government.

Question 2

What is GDPR?

Answer 2

• General data protection regulation
• Relates to personal data
• Aims to create a single data protection regime for anyone doing business in the EU and to empower individuals to take control of how their data is used by third parties
• Gives people stronger rights to be informed about how their personal information is used

Question 3

When did GDPR come into force?

Answer 3

25th May 2018

Question 4

What are the key requirements under GDPR?

Answer 4

• Obligation to conduction data protection impact assessments for high risk holding of data
• New rights for individuals to have access to information on what personal data is held and to have it erased
• A data controller decides how and why personal data is processed and is directly responsible for GDPR
• ‘Data accountability’ ensuring that organisations can prove to the Information Commissioners Office (ICO) how they comply with the new regulations

Question 5

What happens if you breach GDPR? What is the penalty?

Answer 5

• Data security breaches need to be reported to Information Commissioners Office (ICO) within 72 hours where there is a loss of personal data and a risk of harm to individuals
• An increase in fines up to 4% global turnover of the company or €20m (whichever is the greater)
• Policed by the ICO

Question 6

Non-disclosure agreement

Answer 6

A non-disclosure agreement is a legally binding contract that establishes a confidential relationship. The party or parties signing the agreement agree that sensitive information they may obtain will not be made available to any others.

Question 7

Difference between data and information

Answer 7

Data is raw facts/unauthorised facts/simple and seemingly random/useless until its organised
Raw Facts(preliminary data) Example: tender boq data we need to collect and organize all data for final decision making; 
Information is when data is processed/organised/structure/presented as to make it useful

Question 8

What does it mean by EDMS?

Answer 8

Electronic Document Management Systems

Question 9

What are the Legal aspect of EDMS?

Answer 9

Copyright

Question 10

Data Protection Act 1988 UK (new data protection act is 2018)

Answer 10

Gives individual the right to know what information is held about them;
Ensures that personal information is handled properly
Anyone who processes personal information must comply with 8 principles, which
• Fairly and lawfully protect
• Processed for limited purposes
• Adequate, relevant and not excess
• Accurate and up to date
• Not kept for longer than is necessary
• Processed in line with your rights
• Secured