Sentence Completion · Beginner Practice
Data Protection — A Short Guide for Staff
13 questions · 20 min suggested
The company holds personal information about its employees, customers and suppliers in order to conduct its business. Every member of staff has a role to play in keeping that information safe, accurate and used only for the purposes for which it was collected. The short guide below sets out the most important principles; the full policy is available on the staff portal.
**What counts as personal data.** Personal data is any information that identifies a living individual, either on its own or when combined with other information readily available. Names, addresses, telephone numbers, salary details, performance records, bank details and photographs are the most common examples. Less obvious items — IP addresses used when an employee logs in, building access records, and recordings of internal calls — also count.
**Six key principles.** All personal data that the company holds must be: collected fairly and for a stated purpose; used only for that purpose or for a compatible new purpose; kept no longer than is genuinely needed; kept accurate and up to date; protected by appropriate security; and handled in a way that allows the individual concerned to exercise their rights, including the right to be told what is held about them.
**Sharing data.** Personal data must not be shared with any party outside the company without a valid reason. Even inside the company, data should be shared only with colleagues who need it in order to carry out their role. If you are unsure whether a particular sharing request is appropriate, contact the Data Protection Officer before sharing, not after.
**Holding periods.** Most employee records are kept for six years after an employee leaves the company, to meet legal and tax requirements; some specific records — for example, health and safety training logs — may be kept for longer. Customer records are kept for seven years after the last interaction, unless the customer has asked for their data to be deleted earlier.
**Incidents.** Any suspected loss of data, or any accidental sharing with the wrong party, must be reported to the Data Protection Officer as soon as it is noticed, and in any event within twenty-four hours. Early reporting allows the company to contain the impact and to meet its legal reporting obligations.
---
Questions 14–19
Sentence completion
- Personal data is any information that can identify a living ______.
- Recordings of internal telephone calls and records of building access also count as ______ data.
- The six principles include the requirement that data must be kept no longer than is genuinely ______.
- If staff are not sure whether to share data, they should contact the Data Protection ______.
- Most employee records are kept for ______ years after the employee has left.
- Any suspected loss of data must be reported within ______.
Questions 20–22
Multiple choice
- Limited personal use of company IT is
- If a company device is lost or stolen, the correct action is to
- Free or 'open-source' software
Questions 23–26
Matching Features
- An employee checks a personal bank statement during their lunch break.
- A staff member ensures that their company laptop is locked every time they step away from their desk, even briefly.
- An employee uses the company's email address to post messages in a personal online argument with a stranger.
- The IT department reviews the web activity of a specific account after a reported incident.