Healthcare organisations' compliance with Data Protection and GDPR

Introduction to Data

Data is facts or information, particularly when examined and used to find things out or make decisions. Data comes in different forms: figures, numbers, images, symbols, and qualitative and quantitative data. Data is used to answer questions, evaluate and test, using primary and secondary sources. Big data refers to a large amount of data being processed by software to help organisations store and collect data easily. Also, the CIA model (confidentiality, integrity, availability) has been created to develop a secure system to process and protect data.

Introduction to Data Protection and GDPR

The Data Protection Act 2018 is the UK implementation of the GDPR. Data protection law controls how personal data is used by organisations. GDPR stands for General Data Protection Regulation. After the end of the Brexit transition period, on the 1st of January 2021, the UK implemented its own version of the GDPR. The UK GDPR applies to all organisations based in the UK that process people's data, including third parties; it also applies to organisations that are not based in the UK but offer products and services to the UK population. The UK GDPR has 2 key principles of processing data, which set out the rights of consumers and the obligations of organisations. The 2 key principles are:

  • Organisations need to have a purpose for collecting and processing customer data, and must have security measures in place to protect that data from unauthorised users or breaches.
  • The person whose data is collected has rights over that data, for example to review it, change it, and challenge the way it is processed.

The UK GDPR provides data subject rights for individuals, which are: the right to be informed, the right to rectification, the right of access, the right to restrict processing, the right to erasure, the right to object, rights in relation to automated decision making and profiling, and the right to data portability. The key definitions in the UK GDPR are controller, processor, processing, personal data, third party and consent. The GDPR has 7 key principles, which are shown in the picture.



For more information visit: legislation.gov.uk

Principles of Data Protection and GDPR

Law: Article 6 - Lawfulness of Processing
Description: This article is about having a valid lawful reason to process personal data. There are 6 lawful bases for processing: consent, contract, legal obligation, vital interests, public task, and legitimate interests. One of these must apply in order to process personal information. It is important to check that the processing is necessary for the purpose; the privacy notice should include the purpose of processing and the lawful basis for processing. When processing special category data, the condition for processing needs to be identified, and the same applies when processing criminal offence data. This information also needs to be documented.

Law: Article 9 - Processing of Special Categories of Personal Data
Description: This article covers personal data that needs extra protection because it is sensitive information, such as ethnic origin, political views, religion, gender, sexual orientation, and health. There are 10 conditions for processing special category data in Article 9, and at least 1 condition needs to be met before such data can be processed.

Law: Article 15 - Right of Access by the Data Subject
Description: This article covers personal data that needs extra protection because it is sensitive information, such as ethnic origin, political views, religion, gender, sexual orientation, and health. There are 10 conditions for processing special category data in Article 9, and at least 1 condition needs to be met before such data can be processed.

Law: Data Breach
Description: The UK GDPR gives organisations the responsibility to report a personal data breach to the authority. It should be reported within 72 hours of the organisation becoming aware of it, and all breaches should be documented.

Law: Consent
Description: Consent comes under different articles. Consent is when an individual gives permission to process their personal data. Consent requests should be kept separate from terms and conditions, and explicit consent needs to be a clear and specific statement of consent. Requests to the individual should be clear and concise; the organisation should keep evidence of consent and keep reviewing it.

Law: Article 22 - Automated Decision-Making Including Profiling