APC Mandatory - Data Management Flashcards

1
Q

What is personal data

A

UK GDPR Article 4
Personal data is any information relating to an identified or identifiable natural person (data subject), and an identifiable natural person is one who can be identified directly or indirectly

2
Q

What is the Freedom of Information Act?

A

Gives individuals the right to access information held by public bodies

3
Q

What are the exceptions to a FOI request

A
  1. Contrary to GDPR requirements
  2. It would prejudice a criminal matter
  3. CRCA overrides FOI request
4
Q

What are the benefits to cloud based storage systems?

A
  1. Info backed up securely on encrypted servers
  2. Environmentally friendly
  3. Could be cheaper than managing hard copy files
5
Q

What is a non disclosure agreement?

A

Used to protect against disclosure or sharing of confidential data

Prior to sharing confidential info, the recipient will be requested to sign an NDA to ensure confidentiality

6
Q

If 2 departments within your firm were working for 2 rival companies, how would you ensure data confidentiality?

A

Per RICS Global COI 2018

1) Make client aware of risks involved with COI
2) Request written confirmation from both parties
3) Conflict management: ensure single communication lines to client, separate working locations for staff and NDAs; also make sure data is secure

7
Q

Key persons outlined in GDPR?

A

CONTROLLER
Determines process and means of processing of personal data (i.e. employer processing employees' data; employer is considered the controller)

PROCESSOR
Processes data on behalf of the controller (i.e. call centre on behalf of client).

DATA PROTECTION OFFICER
Under GDPR, the DPO is a required leadership role overseeing data protection

8
Q

What are the 8 individual rights under GDPR

A

Article 5 Part II
Rights to
1) be informed
2) access information
3) rectify information
4) erasure
5) Restrict data processing
6) data portability
7) object
8) automated decision making and profiling

9
Q

What things must companies put in place to ensure GDPR

A

Raise awareness
Review procedures
Audits

10
Q

CEW FS

How is data managed and protected within your firm?

A

VOA policy CEW-FS
Clear desk policy
Encryption technology
Waste disposal for restrictive info/data
Firewall protection
Security markings

11
Q

What is GDPR?

A

Gives rights and protection to living data subjects over who holds their personal data and how that data is used

12
Q

What are the 7 principles of GDPR?

A

LDP ASIA
Lawful fair and transaction
Data minimisation
Purpose limitation
Accuracy
Storage limitations
Integrity and confidentiality
Accountability

13
Q

Who is the responsible body for overseeing GDPR in the UK?

A

Information Commissioner's Office

14
Q

GDPR breach what happens?

A

Inform ICO within 72 hrs
Can be fined up to 20m euros or 4% of turnover whichever is greater

15
Q

What is the purpose of CRCA 2005

A

Protect ratepayer confidentiality

16
Q

How long can you store data for under the CRCA

A

No time limit but needs to be reasonable, necessary and proportionate

17
Q

What act covers data in the UK

A

Data Protection Act 2018 and its amended version 2021 post-Brexit

18
Q

What happens if you breach CRCA?

A

Sec 19
Maximum 2 Yr imprisonment or unlimited fine

19
Q

Can you use someone else’s work

A

Under Copyright, Designs and Patents Act 1988
Sec 50 allows for stat function
Sec 45 allows for judicial proceeding
If receive permission from copyright owner
In accordance with terms of publisher
Acknowledge source

20
Q

What is the deadline once a FOI or SARS is requested?

A

Depends
GDPR - Should respond within 1 month (Article 12). This can be extended to 2 months where complex.
FOI - 20 working days

21
Q

Which acts are relevant to data management

A

GDPR 2016
DPA 2018
CRCA 2005
EIR 2004 (covers FOI relating to environmental matters)
Copyright, Designs and Patents Act 1988
FOI 2000
PRA 1958 (must manage data in accordance with FOI sec 46)

22
Q

How does your employer store data?

A

CDB - local taxation and SDLT
EDRM- holds historic correspondence and plans
NBS holds taxation info for non standard properties
CWS holds CCA related information

23
Q

L2 examples

A

Ashton - Appeal
Took over appeal case. Noted appellant wished for her father to act on her behalf. Could not locate LOA. Requested new LOA in line with GDPR
Manchester
Dealt with agent on challenge who informed they had been disinstructed. Immediately ceased sending any further correspondence and ensured any further data was sent direct to IP

24
Q

L3 examples

A

Manchester - allowance
Agent sought 7.5% frag allowance. Unusual building. Extracted data and confirmed allowance was discontinued from 2010 list. Interrogated surrounding rents and confirmed this property was unusual and would most likely obtain lower rent in open market. Therefore agreed with agent and awarded allowance.
FOI request reg 17 need to confirm this one

25
Q

Fines under GDPR

A

4% of global turnover
Or 20m euros

26
Q

What is ISO 27001

A

First published in 2005 by the International Organization for Standardization (ISO), recently revised in 2022.
Widely used global security framework focusing on data confidentiality, integrity and availability [CIA]. It involves audits followed by ongoing certification.
Helps organisations have a better approach to data security

27
Q

What are the main differences between DPA and GDPR?

A

In summary, the GDPR serves as the foundational regulation for data protection in the EU, while the UK DPA 2018 adapts GDPR principles to the UK’s context, particularly after Brexit

(There is a new accountability requirement- you are required to show how you comply with the principles).