APC Mandatory - Data Management Flashcards
What is personal data?
UK GDPR Article 4
Personal data is any information relating to an identified or identifiable natural person (data subject), and an identifiable natural person is one who can be identified directly or indirectly
What is the Freedom of Information Act?
Gives individuals the right to access information held by public bodies
What are the exceptions to an FOI request?
- Contrary to GDPR requirements
- It would prejudice a criminal matter
- CRCA overrides FOI request
What are the benefits to cloud based storage systems?
- Info backed up securely on encrypted servers
- Environmentally friendly
- Could be cheaper than managing hard copy files
What is a non-disclosure agreement?
Used to protect against disclosure or sharing of confidential data
Prior to sharing confidential info, the recipient will be requested to sign an NDA to ensure confidentiality
If 2 departments within your firm were working for 2 rival companies, how would you ensure data confidentiality?
Per RICS Global COI 2018
1) Make client aware of risks involved with COI
2) Request written confirmation from both parties
3) Conflict management:
Ensure single communication lines to client, separate working locations for staff and NDAs; also make sure data is secure
Key persons outlined in GDPR?
CONTROLLER
Determines process and means of processing of personal data (i.e. employer processing employees' data; employer considered controller)
PROCESSOR
Processes data on behalf of controller (i.e. call centre on behalf of client).
DATA PROTECTION OFFICER
Under GDPR, the DPO is a required leadership role overseeing data protection
What are the 8 individual rights under GDPR?
Article 5 Part II
Rights to
1) be informed
2) access information
3) rectify information
4) erasure
5) Restrict data processing
6) data portability
7) object
8) automated decision making and profiling
What things must companies put in place to ensure GDPR compliance?
Raise awareness
Review procedures
Audits
CEW FS
How is data managed and protected within your firm?
VOA policy CEW-FS
Clear desk policy
Encryption technology
Waste disposal for restrictive info/data
Firewall protection
Security markings
What is GDPR?
Gives rights and protection to living data subjects over who holds their personal data and how that data is used
What are the 7 principles of GDPR?
LDP ASIA
Lawful fair and transaction
Data minimisation
Purpose limitation
Accuracy
Storage limitations
Integrity and confidentiality
Accountability
Who is the responsible body for overseeing GDPR in the UK?
Information Commissioner's Office
What happens after a GDPR breach?
Inform ICO within 72 hrs
Can be fined up to 20m euros or 4% of turnover whichever is greater
What is the purpose of CRCA 2005?
Protect ratepayer confidentiality