Chapter 10 IF1

What is a data controller?
The party who keeps personal data on their customers and determines how and why it is processed
1 of 22
What is a data processor?
An organisation that processes data on a data controller's behalf
2 of 22
Under GDPR who can be liable to customers if their personal data is breached?
Both the data controller and the data processor.
3 of 22
Identify eight principles of the EU General Data Protection Regulation.
Fairly/lawfully processed; Processed for limited purposes; Adequate, relevant, not excessive; Accurate; Not kept longer than necessary; Processed in accordance with individual’s rights; Secure; Not transferred to countries without adequate protection
4 of 22
Identify eight special categories of personal data under the GDPR where more stringent protection conditions apply.
Ethnic/racial origin; Political opinions; Religious beliefs or other beliefs of a similar nature; Trade union membership; Physical/mental health; Sexual life; Commission/alleged commission of an offence; Proceedings for any offence committed/alleged
5 of 22
Identify seven requirements regarding a data subject giving consent for their data to be processed under the GDPR.
Consent must be: Freely given, Specific, Informed, Unambiguous, Positive opt in, Easy to withdraw, Separate from other terms and conditions
6 of 22
Identify eight rights of a data subject under the GDPR.
The right to be informed. The right of access. The right to rectification. The right to erasure. The right to restrict processing. The right to data portability. The right to object. Rights in relation to automated decision making and profiling
7 of 22
Under the data protection laws, who is the data subject?
The person whose data is held.
8 of 22
What is the age below which parental consent is required under the Data Protection Act 2018?
13
9 of 22
What Act implements the GDPR into English law?
Data Protection Act 2018
10 of 22
What is the maximum fine under the Data Protection Act 2018?
€20 million or 4% of turnover
11 of 22
What are the five overlapping requirements of ethical behaviour?
Integrity, Fairness, Service, Client's interest, Compliance
12 of 22
What is the purpose of the CII's code of ethics?
Protect the reputation of the CII
13 of 22
Identify the 5 principles of the CII code of ethics.
Comply with the code and law, Act with the highest ethical standards and integrity, Act in the best interests of the client, Provide a high standard of service, Treat people fairly
14 of 22
Identify the three key areas of training and competence.
Assessing competence, Maintaining competence, Record keeping
15 of 22
What must a regulated firm do until they are confident an employee is competent in their role?
Supervise them
16 of 22
Who are eligible complainants?
A consumer, A micro-enterprise (<10 employees, <£2, A charity (income <£1 million), A trust with a net asset value of less than £1 million
17 of 22
What does the Financial Services Compensation Scheme (FSCS) do?
Provides compensation to customers of deposit-taking companies, investment firms and authorised insurers and independent intermediaries where the firms are no longer able to meet claims against them
18 of 22
What does the Financial Ombudsman Service (FOS) do?
Deals with disputes from eligible complainants, providing impartial and independent resolution of disputes between either insurer and policyholder or intermediary and client
19 of 22
When should a complaint be acknowledged?
Promptly
20 of 22
What happens if a complaint is resolved within three business days?
Complaints resolved within three business days do not require a final response letter (firms still need to issue a Summary Resolution Communication)
21 of 22
When must a firm provide either a final response or a written response explaining its current position and informing the complainant they have the right to refer to the FOS?
Within eight weeks
22 of 22
