Data protection act 2018

 Principles of the DPA

The UK GDPR sets out seven key principles:

  • Lawfulness, fairness and transparency
  • Purpose limitation
  • Data minimisation
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality (security)
  • Accountability

“(a) processed lawfully, fairly and in a transparent manner in relation to individuals (‘lawfulness, fairness and transparency’);

(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes (‘purpose limitation’);

(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);

(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);

(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals (‘storage limitation’);

(f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).”


Implications of non-compliance

Non-compliance with the Data Protection Act (DPA) can lead to significant consequences for organizations, including substantial fines, reputational damage, legal action, operational disruptions, and potential loss of customer trust due to data breaches, as regulatory bodies like the Information Commissioner's Office (ICO) can impose penalties based on the severity of the violation, potentially reaching up to a percentage of the company's annual global turnover depending on the jurisdiction and nature of the breach. 


Who is referred to as a data subject? What are examples of data subject rights under the DPA 2018?

Data subjects are individuals whose personal data is collected and processed under the Data Protection Act (DPA) 2018. The DPA gives data subjects rights, including the right to be informed, the right to rectification, and the right to object. 

Rights of data subjects

  • Right to be informed: Data subjects have the right to know what personal data is collected about them, and how it is used. This includes who is collecting the data, why, and how long it will be kept. 
  • Right to rectification: Data subjects can request that inaccurate or incomplete personal data is corrected. 
  • Right to object: Data subjects can request that a company stop processing their personal data. For example, they can object to direct marketing or if the processing is for a task in the public interest. 
  • Right to data portability: Data subjects can move their personal data from one IT system to another. 
  • Right to make a request or complaint: Data subjects can make a request or complaint to the Information Commissioner's Office (ICO). 

Test yourself page 206

  1. ECHR - European Convention of Human Rights
  2. Article 8 of the ECHR specifies the rights to protect a person's correspondence, family life, home a private life
  3. However, this has exceptions, such as when it a threat to national security

Comments

Post a Comment

Popular posts from this blog

ESP overview

  task number  focus  No. Of hours  Marks allocated  1  Trouble shooting and test planning  2 hours 30  22  2  Interview and communication  2 hours 10  12  3  Project proposal  4 hours  24  4  Post project review  3 hours 30  12    Task uno:  This focus on trouble shooting a fault based on a specified problems/issues and designing a test plan.   The troubleshooting document should include:  User details   Test dates  Computer specs and software  Proposed tests and expected outcomes   Record of diagnosis  The test plan should include:  Administrative details E.G. dates names.  Test dates   Hardwear specs and software   Actual and relevant tests carried out in a logical order including images/diagrams  Full and complete details of expected outcomes  Remedial action required   Task d...
Read more

Stakeholder roadmap

 A stakeholder roadmaps provides an overview of the main components of the project, it will include objectives, deliverables, milestones, resources, and timelines, and is used to show these to stakeholders as well as keeping stakeholders in the know of operations. unlike a project plan, it does not include day to day tasks or a detailed view of roles, only a quick overview to catch stakeholder interest Project timelines timelines show what phases of the project are complete, current, and to do they are used to keep track of different project tasks they include: start and end date of tasks the task duration who is assigned the task task dependencies (if it relies on another task being complete) they are important as they: a central area to display all tasks and project management phases provide a simple representation of the project to make it easier to understand allow team members to focus on important tasks help promote improved time and resource management  Linking pro...
Read more

hw 12/5

Test yourself 241  A botnet aims to take control of digital systems. It is a type of malware that allows a cyber security attacker to take control of someone's system without their knowledge.   The aim of a DOS attack is to make a network inaccessible to users. It does this by flooding the network with traffic which in turn slows its speeds down to a point where it is basically unusable.  One of the main differences between a DOS attack and a DDOS attack is a DDOS attack tends to use multiple devices to try and infiltrate a network. The types of networks that are usually under threat from these would be ones like websites, banks, and payment websites.   Some of the main websites that are targeted by DDOS attacks would be ones like banks and payment websites.   Test yourself 242 One way of trying to find a password is using a dictionary software. This goes through some of the most common passwords and trying them when trying to get access to the account....
Read more