Unlimited data retention

No accountability for data breaches

Key principles include lawful processing, consent, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality, and accountability.

Data sharing without consent

Ignore the breach and continue operations

Notify only the internal staff without informing authorities

Delete all data to prevent further access

Assess the breach, notify affected individuals and authorities, contain the breach, investigate, prevent future incidents, and document the response.

Organizations are not required to update personal data under the Data Protection Act.

The Data Protection Act allows organizations to ignore data accuracy.

The Data Protection Act only addresses data security, not accuracy.

The Data Protection Act mandates that personal data must be accurate and up to date, with organizations responsible for ensuring data accuracy.

Improved customer engagement

Enhanced data sharing capabilities

Legal penalties, loss of trust, financial losses, and reputational damage.

Increased employee satisfaction

Informed consent is only necessary for experimental treatments.

Informed consent requires that patients are provided with adequate information, understand the information, and voluntarily agree to the treatment.

Informed consent can be assumed if the patient is a returning client.

Informed consent is not required if the treatment is deemed urgent.

Data security measures are optional and can be ignored.

Hospitals should implement encryption, access controls, and regular security audits to protect patient data.

Data security only involves physical security of the premises.

Hospitals can rely solely on third-party vendors for data security.

Patients have the right to access, correct, and request deletion of their health information.

Patients must pay a fee to access their health information.

Patients have no rights to access their health information.

Patients can only request their information through a lawyer.