Answers to GDPR Quiz
1. What does PII stand for?
Personally Identifiable Information – data that helps identify an individual
2. What is a data subject access request (DSAR)?
Any request, verbal or written, from an individual exercising their rights to receive any data about them that the College holds
3. Who is the regulator responsible for enforcing the GDPR in the UK?
The Information Commissioner’s Office (ICO) www.ico.org.uk
4. The EU GDPR was enacted into which UK law?
In the UK, the Data Protection Act 2018 is the UK law that embodies the GDPR
5. What is a retention policy?
The College’s policy that defines when different types and categories of personal data processed will be removed, deleted or anonymised
6. If you receive a request from a third party to share personal data with them, what should you do?
Remember that unlawfully divulging personal information to someone other than the appropriate recipient is a data breach in itself, so it’s important to pass the request on to the DPL immediately
7. What precautions should you take if you are using your own device for work?
If you use your own personal device to access or store personal data processed by the College then you should:
- Ensure that your device has the latest security updates installed
- Ensure you follow the College’s Bring Your Own Device (BYOD) policy and the College’s rules for secure passwords
- Don’t let others use your device (including family members)
8. What should you do if there is a personal data breach?
If you suspect there has been a data breach, don’t hold onto it: report it to the DPL immediately. All incidents have to be recorded in the Breach Book and the Risk Register
9. What should you do if you receive a suspicious email?
If you receive any suspicious emails, report this to the IT Team immediately. Avoid opening any attachments or clicking on any links in the email. Inform the DPL so that it can be recorded in the Breach Book and the Risk Register, and if you think you’ve been hacked, change your password immediately
10. When should you contact the DPL?
If in doubt, don’t give it out, give the DPL a shout. You should contact the DPL whenever you:
- Are not sure about any aspect of handling, processing or protecting personal data
- Suspect that there has been a breach
- Are not sure how to interpret or follow College policies