9. Data Management

Question 1

What is data management?

Answer 1

The practice of ingesting, processing, securely and storing an organisations data.

Question 2

What is GDPR?

Answer 2

General Data Protection Regulation. This is a set of EU wide data protection rules. The UK also have a UK GDPR which mirrors EU GDPR but stands separate as as part of UK domestic law.

Question 3

When did GDPR come into affect?

Answer 3

25th May 2018.

Question 4

What are 7 examples of GDPR?

Answer 4

LADSPAI

Lawfulness, fairness and transparancy
Accuracy
Data minimisation
Storage limitation
Purpose limitation
Accountability
Integrity and confidentiality

Question 5

What is the Data Protection Act 2018?

Answer 5

UK GDPR was brought into UK law as the Data Protection Act 2018.

Question 6

What is the importance of the Data Protection Act 2018?

Answer 6

The Act compels individuals to take control of their personal data.

Question 7

What are the key principals of the Data Protection Act 2018?

Answer 7

Lawfulness, fairness and transparency
Purpose limitation
Data minimisation
Accuracy
Store limitation
Integrity and confidentiality
Accountability

Question 8

What are a persons rights under the Data Protection Act 2018?

Answer 8

Under the Act, people have the right to:

• To be informed about how their data is being used.
• The right to access their data.
• The right to have incorrect information updated.
• To have their data erased.
• To object to the use of their data.

Question 9

What is the maximum fine and how is this calculated?

Answer 9

£17.5m or 4% of the total annual turnover of the proceeding year, whichever is higher.

Question 10

Give me an example of how you process confidential information?

Answer 10

• Password protection
• Discuss with only those who need to know
• Mark any papers/information as confidential and shred before disposal

Question 11

Give me an example of how you ensure that data is kept securely?

Answer 11

• Password protection
• Multi factor authentication
• Be wary of suspicious emails and report these to IT team

Question 12

How does your company ensure compliance with the Data Protection legislation generally?

Answer 12

Only use data which is needed to perform day to day operations.
All data should be held securely.
Information that is no longer required is deleted.

Question 13

What difference sources of information do you use in your day-to-day surveying?

Answer 13

RICS Guidance Notes
Contract Documentation
Previous Tenders
Valuation Data

Question 14

What is ISO 9001?

Question 15

What are the requirements for ISO 9001?

Question 16

Who does the Freedom of Information Act apply to?

Answer 16

Public right of access to information held by public authorities

Question 17

Who oversees information rights in the UK?

Answer 17

ICO - International Commissioners Office

Question 18

What is a project extranet?

Answer 18

Essentially a system that allows individuals outside the company to view an online platform

Question 19

Why do you keep company data for 12 years?

Answer 19

This is a requirement under PII.

Contracts under deed are to be kept for a minimum of 12 years.
Contracts under hand are to be kept for a minimum of 6 years.

Question 20

What are the breaches under GDPR?

Answer 20

DDA

Disclosure
Destruction
Alteration

Question 21

What is the process if there is a data breach?

Answer 21

Report certain personal data breaches to relevant supervisory authority. This must be done within 72 hours of breach where feasible.

Question 22

What kind of information is sensitive information?

Answer 22

Health records
Financial information
Address
Educational records

Question 23

What is copyright?

Answer 23

This is an intellectual property rightly assigned automatically to the creator.