Questions and Answers
What is the primary responsibility of the business unit data protection executive (BU DPE)?
Who is the first point of contact for concerns related to personal data?
Which role is responsible for monitoring compliance with local data protection requirements?
What does the DPE office do in relation to data breaches?
Which individual fulfills the role of BU DPE?
What is the role of the global data protection officer (DPO)?
Which statement best reflects the philosophy behind personal data protection at ING?
What is a key activity performed by the data protection executive office (DPE)?
Which principle should be prioritized when handling personal data?
What is the definition of personal data?
Which of the following would NOT be considered personal data?
What is a key responsibility of employees regarding personal data?
Which piece of information is most likely to be classified as sensitive personal data?
Why is it important for banks to maintain trust regarding personal data?
Which of the following statements is true regarding sensitive personal data?
What should customers do if they are unsure whether a piece of information is personal data?
What is the main goal of ING's digital environment in relation to employees with disabilities?
What should an employee do if they cannot complete the eLearning due to limited accessibility?
Which of the following is a reason why personal data needs to be protected?
What is implied as a key responsibility of ING employees regarding personal data?
Why is privacy described as a human right in the context of personal data protection?
Who should complete a tailored module of the data protection training?
What is one of the potential risks of failing to protect personal data?
What does ING expect from its employees regarding the handling of personal data?
Can Cassy legally reach out to her colleagues to ask for customer contact details collected for a different service?
What is a key principle of collecting personal data mentioned in the content?
What would constitute a lawful basis for processing personal data according to the content?
What must Cassy do if she believes there are exceptions that allow her to use the existing list of contact details?
In the context of GDPR, which of the following is NOT a lawful basis for processing personal data?
What is a limitation on using personal data collected for a specific purpose?
Why is it important to keep personal data accurate and up to date?
What does the BCR describe lawful basis as?
Which scenario could be considered a lawful basis for processing personal data?
What should be done with personal information once it is no longer needed for its intended purpose?
What determines the level of security measures that must be implemented for personal data?
What is the purpose of a Business Impact Assessment (BIA) in data management?
What must ING maintain regarding personal data processing activities?
Who is responsible for the record of processing activity (RoPA) within a team?
What indicates that personal data has been permanently deleted?
What should an employee do if they are unsure who is responsible for the RoPA in their department?
What is the primary purpose of conducting a pre-DPIA?
Which principle is NOT one of the key principles to consider when processing personal data?
What should be done if a pre-DPIA indicates a high risk for individuals?
Which of the following rights allows an individual to request deletion of their personal data?
What right do customers have regarding the information ING holds about them?
Which of the following statements about individual rights is incorrect?
In which case would a DPIA be essential?
What is a key function of a full DPIA?
Study Notes
General Awareness
- ING is committed to supporting all employees, including those with disabilities.
- Digital accessibility is a goal for all ING employees and supported by colleagues.
- International Web Content Accessibility Guidelines (WCAG 2.1) were used.
- An accessible PDF is provided if the eLearning module does not meet screen reader requirements.
- Employees can confirm completion to [email protected] (optional cc to manager).
- This training module provides a general data protection overview.
- Tailored modules exist for employees in specific roles (e.g., Process/Product owner, Contract owner, Asset owner, Data owner).
Protecting Personal Data
- ING's training emphasizes data protection principles.
- This training is a general overview of data protection.
- Personal data must be handled safely and compliantly.
- ING emphasizes retaining trust and protecting privacy.
- Sharing personal data without consent can have serious consequences (e.g., identity theft, discrimination, malicious activity).
Why Personal Data Matters
- Privacy is a human right.
- Customers, suppliers, business partners, and employees trust ING to handle their personal information responsibly.
- Personal data is a valuable asset that needs protection.
- Protecting customer privacy is the responsibility of all involved.
How ING Takes Responsibility
- ING is committed to handling personal data according to expectations.
- ING complies with EU General Data Protection Regulation (GDPR) and local data protection requirements.
- ING applies GDPR principles globally unless local laws provide more protection.
- ING has a Global Personal Data Protection Policy (GPDP) and corporate rules (BCR) for employee, client, supplier and business partner data.
- Global Data Protection Policies are also shared externally and approved by the Dutch Data Protection Authority.
Internal Policies and Standards
- ING has a Global Personal Data Protection Internal Policy (GPDP).
- ING uses a Global Personal Data Protection Process Control Standard (PCS).
People to Support You
- ING has personal data experts in every business unit.
- Data protection contact information is available on ING Today.
- The Data Protection Executive Office (DPE) is the first point of contact for data concerns.
- The DPE office manages compliance with the GPDP and BCR.
Data Protection Executive Office (DPE)
- The DPE office handles data breaches, processing register supervision and impact assessments.
- The DPE office supports the business unit data protection executive (BU DPE).
Business Unit Data Protection Executive (BU DPE)
- The BU DPE is responsible for compliance within the business unit.
- The Chief Operating Officer (COO) fulfills this role at a business unit level.
Business Unit Data Protection Officer (BU DPO)
- The BU DPO provides data processing advice.
- The BU DPO monitors compliance with the GPDP, BCR, and local requirements.
- The BU DPO assists with cross-border issues and compliance supervision.
- The BU DPO is part of the data protection compliance risk function.
- The BU DPO is the single point of contact for the Data Protection Authority.
Personal Data Fundamentals
- Personal data is any information about, or that can be linked to, an individual.
- Examples of personal data include name, address, account number, date of birth, marital status, phone number.
- Sensitive personal data requires extra protection.
- Examples: health information, religious or philosophical beliefs, political opinions, sexual orientation, ethnic origin, etc.
- Sensitive personal data must be handled with care and only processed in exceptional circumstances.
Consequences for ING
- Negative publicity, loss of reputation, investigation, and potential fines are potential consequences.
- Personal data breaches require prompt reporting to relevant authorities.
Data Breaches
- Data breaches can result from criminal activity or human error.
- Reporting of breaches must follow established protocols.
Storage and Access
- Protect folders and systems where documents are stored.
- Update access rights promptly when changes occur.
- Ensure access is only granted to those who need it.
How to Respond to a Breach
- Immediately mitigate the breach (e.g., recall emails).
- Inform the DPE office.
- Follow up with any necessary actions.
- Report breaches promptly to the DPE office.
The Principles of Processing Personal Data - Overview
- Processing personal data includes collecting, recording, organizing, and adapting data.
- Data processing must be aligned with GDPR, local laws and ING's corporate rules.
- Be confident about the procedures for handling personal data.
- Examples of actions include collecting, recording, organizing, structuring, storing, adapting, consulting, disclosing, combining, deleting, and destroying data.
What's Processing?
- Processing covers any action performed on personal data.
- Examples include collecting, recording, and organizing customer data.
Purpose and Purpose Limitation
- Processing personal data needs a clearly defined purpose.
- The purpose must be relevant to the specific business activity.
Lawful Basis
- A lawful basis for processing personal data needs to apply, for example, consent, contract, legal obligation, and legitimate interest.
Transparency
- Informing individuals about how their data is used is critical for transparency.
Minimization
- Only collect the minimum amount of data needed.
- Information should be accurate, complete, and up to date.
Storage Limitation
- Store personal data appropriately; access should be limited to those who need it.
Integrity and Confidentiality
- Employ security measures to protect personal data from loss, alteration, and disclosure.
- The higher the risk to sensitive personal data, the more rigorous the security measures need to be.
- Business Impact Assessments (BIAs) are mandatory for data held in assets or processes.
Record of Processing Activity (RoPA)
- ING maintains a record of all personal data processing activities and parties involved.
Data Protection Impact Assessment (DPIA)
- ING performs a DPIA before any data processing activities.
- A DPIA helps identify potential high risks from personal data processing.
Individual Rights
- Individuals have rights to access, rectify, and delete their personal data.
- Organisations have responsibilities regarding individuals’ rights.
Right to Object to Personal Offers
- Customers can object to unsolicited marketing communications.
- 'Opt-out' options for marketing communications should be provided.
Automated Decision-Making
- Automated processes for processing personal data need safeguards and customer consent.
Protecting Personal Data
- There are clear procedures to manage personal data for customers, employees, and business partners.
- ING has a data protection team to provide support and expertise.
Description
This quiz covers the essential principles of data protection and emphasizes the commitment of ING to support employees, including those with disabilities. It highlights the importance of digital accessibility and the guidelines followed for compliance. Understanding how to handle personal data safely and the consequences of mishandling personal information is crucial for all employees.