COMPUTER SKILLS AND RESEARCH

MAJOR TOPIC:DATA PROTECTION

TEREZ GABOR
 CONTENT

● Introduction
• Principle of data
● Practical of principle
● References
● Q&A
 INTRODUCTION
• Computer security, also known as security or IT, is the protection of
information systems from theft or damage to the hardware, the
software, and to the information on them, as well as from disruption
or misdirection of the services they provide
• Data means information which is automatically processed or
recorded with the intention of being automatically processed or
recorded as part of a relevant filing system
The law provides stronger protection for more sensitive information
such as:

• Racial or ethnic origin

• Political opinions
• Religious or other beliefs
• Trade union membership
• Physical or mental health
• Sexual life
• Offences
 PROCESSING
Includes obtaining, holding and carrying out
any operation on the information or data.

Data Controller
A person who (either alone or in
common with other persons)
determines the purposes for which
and the manner in which personal
data are, or are to be, processed.
 Security Statement
TH E M EA SURES A RE B A SED O N A N A SSESSM ENT O F
TH E RI SKS I NVOLVED I N TH E P RO CESSI NG
M EA SURES I NCL UDE:
- A D O PTI NG A N I NFORMA TI ON SEC URI TY P O LI CY
- TA KI NG STEP S TO C O N TROL P H Y SI CAL
SEC URI TY
- P UTTI N G I N P L A CE C O N TROL S O N A C CESS TO
I NFORMATI ON
- ESTA B L I SHING A B USI NESS C O NTI NUI TY P L A N
- TRA I NING STA F F O N SEC URI TY SY STEM S &
P RO CEDURES
- D ETEC TI NG & I N VESTI GA TI NG SEC URI TY
B REACHES
 The Principles

There are number of Data

Protection Principles which set
enforceable standards for the
collection and use of personal
data.

Personal data shall be processed

fairly and lawfully and in particular
shall not be processed unless: is
satisfied for all personal data and for
all sensitive personal data.
 The First Principle

The individual must be informed of:

• The identity of the data controller

• The purpose(s) for which the data are intended to be processed
• Any other information which is necessary having regard to the
specific circumstances in which the data are, or are to be
processed
• Personal data processed for any purpose or purposes shall not
be kept for longer than is necessary for that purpose or those
purposes.

• Personal data shall be obtained for only one or more specified

and lawful purpose and shall not be further processed in any
manner incompatible with that purpose or purposes.

• Appropriate technical and organisational measures shall be

taken against unauthorised or unlawful processing of personal
data and against accidental loss or destruction of, or damage
to, personal data
 Privacy Policy Statements
• What information does the site receive and how is it used?
• Can I choose what information I disclose?
• Can I choose what information I receive?
• How can I review, access or change my information?
• How is my information kept secure?
• Who has access to my information?
• What about other companies?
• Who can I contact if I have a query?
Practical Implementation of the Seventh
Principle

• Clarify responsibilities
• Assess risks
• Formulate policy
• Impose contractual obligations
• Proactive policy implementation and oversight
 REFERENCE
JEFF KOSSEFF& IOWA L. (2018) CYBER SECURITY, 103

WWW.DATAPROTECTION.GOV.JE

HTTPS://WWW.EXPERIAN.CO.UK/BUSINESS/GLOSSARY/DATA -
PROTECTION-ACT

HTTPS://EUROPA.EU/YOUREUROPE/CITIZENS/CONSUMERS/INTERN
ET-TELECOMS/DATA-PROTECTION-ONLINE-
PRIVACY/INDEX_EN.HTM