7 - Data Management Flashcards

1
Q

Data Management - Extract from Candidate Guide - Aug 2018 (updated Feb 2022)

A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What does GDPR stand for ?

A

General Data Protection Regulation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

When did GDPR come into affect ?

A

New rules relating to how we collect and process personal data - the EU General Data Protection Regulation (GDPR) - came into effect in the UK on 25 May 2018.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What could happen if you do not meet the requirements ?

A

• £17.5 million or 4% of the total annual worldwide turnover in the preceding financial year, whichever is higher
• £8.7 million or 2% of the total annual worldwide turnover in the preceding financial year, whichever is higher

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Have you completed any training on GDPR ? what did you learn ?

A

Yes, please see CPD …..

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What are the maximum fines (UK GDPR) , how are the fines calculated ?

A

• £17.5 million or 4% of the total annual worldwide turnover in the preceding financial year, whichever is higher

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What legislation covers data protection in the UK ?

A

Data Protection Act 2018 and UK GDPR

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Who does Freedom of Information Act Apply to?

A

Public right of access to information held by public authorities.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Does GDPR apply post Brexit ?

A

Yes, many aspects of GDPR will be converted into UK Law on 1st Jan 2021 under the titles UK GDPR. in turn companies will still need to comply

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What will the changes include (GDPR post Brexit)?

A

UK government will control the UK GDPR as opposed to the European union.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Who oversee information rights in the UK ?

A

ICO - International Commissioners Office

https://ico.org.uk/

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What happens if you are sharing or processing data from the EU ?

A

Adhere to :
• UK GDPR
• EU GDPR
• Data Protection Act 2018
q

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Who enforces the data protection ?

A

Information commissioners office - ICO

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

How do you ensure data you hold on clients is kept secure and confidential ?

A

I use secure documents that are stored on password protected machines and servers. I also only keep the information I need and use it for the purpose it has been collected without passing it on unless I have approval prior.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What are the 7 GDPR principles? - LADSPAS

A

• Lawfulness, fairness and transparency – leave the individual fully informed
• Accuracy – where necessary kept up to date, erase inaccurate personal data without dela
• Data minimisation – collect the minimum data you need
• Storage limitation – Retain the data for a necessary limited period and then eras
• Purpose limitation – must inform your clients about the purpose of the data collection
• Accountability – Record and prove compliance
• Security - Integrity and confidentiality – Keep it secure, locked filing cabinet or fire wall

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What does GDPR stand for ?

A

General Data Protection Regulation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

How have you changed the way you managed data during COVID 19 and home working ?

A

Only allowed to use work equipment, the storage of files/documents to be locked away, regular update on password protected equipment etc.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What does the Freedom of Information Act enable?

A

Limit access to sensitive data use smart passwords to resident details Firewalls and antivirus protection dedicated server stay on top of security updates Limit access to sensitive data use smart passwords to resident details.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

How do you ensure the data that you hold on your clients is kept secure and confidential?

A

Limit access to sensitive data use smart passwords to resident details Firewalls and antivirus protection dedicated server stay on top of security updates.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Why do you keep company data for 12 years?

A

It is a requirement of our PII insurance that all contracts under deed are kept for a minimum of 12 years and under hand for 6 years. I am aware of the limitation act to claims which can be brought about up to 15 years after the act of negligence.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

What is project extranet?

A

A computer network that allows controlled access from the outside for specific project purposes. Essentially is a system that allows individuals outside the company to view project files on a secure platform.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

What is BIM?

A

Building Information Modelling. Software creating 3D models that allow industry professionals to better plan, design, construct and mange buildings/infrastructure.

23
Q

What are the disadvantages of BIM?

A

Very expensive and not all construction professionals use it and therefore less experts.

24
Q

How does BIM effect your role as a CA?

A

I’ve not used it but I would imagine that it simplifies the process by theoretically reducing the amount of variations required.

25
Q

What should you do if there is a data breach ?

A

Inform the Information Commissioner’s Office not later than 72 hours after becoming aware of it.

26
Q

What are ISO Standards ?

A

International Organisation for Standardisation. An international standard setting body of representatives from varying national standards.
• ISO 9000 – Quality Management Systems
• ISO 8000 – Data Quality
• ISO 14001 – Environmental Management Systems
• ISO 45001 – Health and safety

27
Q

What is the limitations act ?

A

The Limitation Act 1980 is an Act of the Parliament of the United Kingdom applicable only to England and Wales. It is a statute of limitations which provides timescales within which action may be taken for breaches of the law.

28
Q

Can you give me some example of the data you manage ?

A

• Client details
• Finances
• Contact details
• Project details
• Complaints
• etc

29
Q

What is personal data ?

A

Personal data only includes information relating to natural persons who:
• can be identified or who are identifiable, directly from the information in question; or
• who can be indirectly identified from that information in combination with other information.
• Personal data may also include special categories of personal data or criminal conviction and offences data. These are considered to be more sensitive and you may only process them in more limited circumstances.

30
Q

What are the UK GDPR Principles ?

A

The UK GDPR sets out seven key principles:
• Lawfulness, fairness and transparency
• Purpose limitation
• Data minimisation
• Accuracy
• Storage limitation
• Integrity and confidentiality (security)
• Accountability

https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/principles/

31
Q

What are the GDPR rights ?

A

The UK GDPR provides the following rights for individuals:
• The right to be informed
• The right of access
• The right to rectification
• The right to erasure
• The right to restrict processing
• The right to data portability
• The right to object
• Rights in relation to automated decision making and profiling

https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

32
Q

What is the process if there is a data breach ?

A

• The UK GDPR introduces a duty on all organisations to report certain personal data breaches to the relevant supervisory authority. You must do this within 72 hours of becoming aware of the breach, where feasible.
• If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, you must also inform those individuals without undue delay.
• You should ensure you have robust breach detection, investigation and internal reporting procedures in place. This will facilitate decision-making about whether or not you need to notify the relevant supervisory authority or the affected individuals, or both.
• You must also keep a record of any personal data breaches, regardless of whether you are required to notify.

33
Q

What are the penalties for breaches of data protection?

A

The UK GDPR and DPA 2018 set a maximum fine of £17.5 million or 4% of annual global turnover – whichever is greater – for infringements.

34
Q

Can you expand on what BCIS is ?

A

The Building Cost Information Service, provides cost and price data for the UK construction industry. It is a part of the Royal Institution of Chartered Surveyors.

35
Q

What are the principles of the Data Protection Act 2016 ?

A

LADSPAL

• Lawfulness, fairness, and transparency. Whenever you’re processing personal data, you should have a good reason for doing so.
• Purpose limitation.
• Data minimization.
• Accuracy.
• Storage limitation.
• Integrity and confidentiality.
• Accountability.

36
Q

Who enforces the data protection act ?

A

The Information Commissioner’s Office (ICO)

37
Q

What are the penalties available ?

A

The UK GDPR and DPA 2018 set a maximum fine of £17.5 million or 4% of annual global turnover

38
Q

What is the Data Protection Act 2018 ?

A

The Data Protection Act 2018 controls how your personal information is used by organisations, businesses or the government

39
Q

What are the principles of the Bribery Act ?

A

PCRCDM
• Proportionality
• Commitment (Top Level)
• Risk assessment
• Communication
• Due Diligence
• Monitor and Review

40
Q

Why is it important that we safeguard information?

A

As personal data can be used in various ways

41
Q

What kind of information is ‘sensitive’ information?

A

Health records, financial information, address, educational records etc

42
Q

Why do the General Data Protection Regulations 2018 exist?

A

To control how your personal information is used by organisations, businesses or the government

43
Q

Which body is responsible for enforcing the GDPR?

A

The Information Commissioner’s Office (ICO)

44
Q

What does the Freedom of Information Act enable?

A

The Freedom of Information Act 2000 is an Act of the Parliament of the United Kingdom that creates a public “right of access” to information held by public authorities.

45
Q

What are the benefits of using external data sources such as BCIS etc?

A

• Industry wide data
• Standardisation
• Data management

46
Q

How do you ensure the data that you hold on your clients is kept secure and confidential ?

A

• We use an only system to carry out checks
• Operate a clear desk policy
• Shredding of details etc
• Two factor authentication of IT systems

47
Q

How do you ensure the data that you hold on your clients is kept secure and confidential ?

A

• We use an only system to carry out checks
• Operate a clear desk policy
• shredding of details etc
• Two factor authentication of IT systems

48
Q

How long do you keep client’s data and how do you ensure it is deleted when necessary?

A

Dependent on the type of data and the contract
• Under hand - 6 years
• Under deed - 12 years
• Limitations act – 15 years

49
Q

What are the 8 rights under GDPR ?

A

The Right to Information
The Right of Access
The Right to Rectification
The Right to Erasure
The Right to Restriction of Processing
The Right to Data Portability
The Right to Object
The Right to Avoid Automated Decision-Making

50
Q

What is the new data protection legislation in the UK ?

A

UK GDPR

51
Q

What types of breaches are there under GDPR ? DDA

A

• Disclosure
• Destruction
• Alteration

52
Q

What is personal information ?

A

• Address
• DOB
• Bank details

53
Q

What is sensitive information/data ?

A

• Medical records
• Sexual orientation

54
Q

What is copyright ?

A

Copyright is an intellectual property right assigned automatically to the creator. It prevents unauthorised copying and publishing of an original work. Copyright applies to research data and plays a role when creating, sharing and reusing data.