Across
- 2. Name for a data incident.
- 6. Only giving systems and data to those who genuinely need them.
- 9. How staff learn to handle personal data safely.
- 10. Duty to keep personal information private and secure.
- 12. Right to limit how personal data is used.
- 13. Building data protection in from the very start, not as an afterthought
Down
- 1. Length of time personal data is kept before deletion.
- 3. A basic but vital security control that should never be shared.
- 4. Safe disposal of confidential paper records.
- 5. Clear permission given for personal data to be collected and used.
- 7. Choices staff make every day that affect data security choices.
- 8. Protecting data so only authorised parties can read it.
- 11. A deceptive attempt to trick staff into revealing sensitive information.