Data Management

Question 1

What are the principles set out in Article 5 of the UK GDPR 2020?

Answer 1

LS MAPS

Lawful
Securely Processed
Data Minimisation
Accurate
Purpose Limitation
Storage Limitation

Article 5:
Processed lawfully, fairly, and in a transparent manner.
Collected for specified, explicit, and legitimate purposes.
Adequate, relevant, and limited to necessity.
Accurate and Up-to-Date.
Kept in a form that permits identification for no longer than is necessary.
Processed in a way that ensures appropriate security.
Data controller will be responsible for, and can evidence, compliance with the principles.

Question 2

What is the purpose of UK GDPR?

Answer 2

• Aims to create a single data protection regime.
• Empowers individuals to take control over how their data is used.
• Rights to be informed of how data is being used.

Question 3

When should a data breach be reported?

Answer 3

Personal data breaches must be reported to the ICO within 72 hours.

Question 4

What is the ICO?

Answer 4

Information Commissioners Office

Question 5

What is the maximum fine for a data breach?

Answer 5

Up to 4% of Global Turnover OR £17.5M

Question 6

What are examples of data security measures?

Answer 6

• Disk encryption.
• Regular back up of data.
• Password protection.
• Anti-virus software.
• Firewalls.
• Disaster recovery procedures.
• Two-factor authentication.

Question 7

Explain how your data storage system keeps data secure.

Answer 7

• Limited access to SharePoint.
• Data that is deleted is stored for 30 days elsewhere so able to recover if mistake made.
• Records who and when data is inputted.
• Classification of documents and emails.
• Password protected.

Question 8

What is a data controller?

Answer 8

Determines the purposes and means of processing personal data.

Can be alone or joint role.

Question 9

What is a data processor?

Answer 9

Processes the personal data on behalf of the data controller.

Question 10

What legislation is relevant to data management?

Answer 10

Data Protection Act 2018

Question 11

What are the individual rights under UK GDPR?

Answer 11

• Informed
• Access
• Rectification
• Erasure
• Restrict Processing
• Data Portability
• Object
• Automated decision making including profiling

Question 12

What is the Freedom of Information Act 2000?

Answer 12

Right for individuals to access information held by the public sector.

Question 13

What are the exemptions of an FOI Request?

Answer 13

• Personal data.
• Matters of national security.

Request must be in writing.

Question 14

How many days must a response by provided in for a FOI Request?

Answer 14

20 working days.

Question 14

What is personal data?

Answer 14

Anything that identifies a person i.e., name, gender, location data, cultural, social, economic related to an individual.

Question 15

What are the benefits of a cloud-based storage system?

Answer 15

• Information is backed up securely on encrypted servers.
• Accessibility can be managed via online settings.
• Cloud is often cheaper than storing hard copy files.
• Convenient to send and share files online.
• Environmentally friendly.
• Multiple users can access the same documents.
• Collaboration on documents.

Question 16

What is the meaning of a non-disclosure agreement?

Answer 16

• Non-disclosure agreements are used to protect against the disclosure or sharing of any confidential data.
• Clients will typically request that a recipient signs a NDA.
• Used when confidential, sensitive, innovative or intellectual property information is being shared to prevent this information being used by competitors.

Question 17

If two separate departments within your firm were working for rival companies, how would you ensure client sensitive data was managed?

Answer 17

• Make client aware of the risks.
• Conflict of interest checks.
• Letter of instruction to continue.
• Methods of managing this would include NDAs, single lines of communication to client, separate working locations (information barriers), secure storage of data.

Question 18

Who are the key persons outlined within GDPR?

Answer 18

Data Controller - natural person or legal entity that determines the purposes and means of the processing of personal data.

Data Processor - processes personal data on behalf of the controller.

Question 19

What things must companies put in place to ensure GDPR compliance?

Answer 19

• Raise awareness across your business.
• Audit all personal data.
• Update your privacy notice.
• Review your procedures supporting individuals’ rights.
• Identify and document your legal basis for processing personal data under the GDPR.
• Review how you seek, obtain consent.

Question 20

How is data managed and protected in your firm?

Answer 20

• Secure document storage.
• Back up of documents.
• Sharing/confidentiality of documentation.
• Common data standards.
• Formatting/standardising reports.
• Data sharing with internal and external teams.
• Paper form/digital form.