Data management

Question 1

What is the Data Protection Act 2018?

Answer 1

It controls how your personal information is used by organisations, businesses or the government.

The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).

Question 2

What are the Data Protection Principles?

Answer 2

They must make sure the information is:

1. Used fairly, lawfully and transparently.
2. Used for specified, explicit purposes.
3. Used in a way that is adequate, relevant and limited
   to only what is necessary.
4. Accurate and, where necessary, kept up to date.
5. Kept for no longer than is necessary.
6. Handled in a way that ensures appropriate security,
   including protection against unlawful or
   unauthorised processing, access, loss, destruction
   or damage.

There is stronger legal protection for more sensitive information, such as: race, ethnic background, political opinions, religious beliefs, trade union membership, genetics, biometrics (where used for identification), health, sex life or orientation.

There are separate safeguards for personal data relating to criminal convictions and offences.

Question 3

What are your rights under the Data Protection Act?

Answer 3

You have the right to find out what information the government and other organisations store about you. These include the right to:

• be informed about how your data is being used
• access personal data
• have incorrect data updated
• have data erased
• stop or restrict the processing of your data
• data portability (allowing you to get and reuse your
data for different services)
• object to how your data is processed in certain
circumstances

You also have rights when an organisation is using your personal data for:

• automated decision-making processes (without
human involvement)
• profiling, for example to predict your behaviour or
interests

Question 4

What is General Data Protection Regulation (GDPR)?

Answer 4

Europe wide regulation affording rights to individuals
around control of personal data.

The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).

Question 5

What are the penalties under the DPA?

Answer 5

The UK GDPR and DPA 2018 set a maximum fine of £17.5 million or 4% of annual global turnover – whichever is greater – for infringements.

Th EU GDPR sets a maximum fine of €20 million (about £18 million) or 4% of annual global turnover – whichever is greater – for infringements.

Not all GDPR infringements lead to data protection fines. Supervisory authorities such as the UK’s ICO (Information Commissioner’s Office) can take a range of other actions, including:

• Issuing warnings and reprimands;
• Imposing a temporary or permanent ban on data
processing;
• Ordering the rectification, restriction or erasure of
data; and
• Suspending data transfers to third countries.

Question 6

How must organisations demonstrate compliance with DPA?

Answer 6

Record Keeping:
• Maintain records of data processing purposes, data
sharing and retention.
• Maintain records of consent

Data Breaches:
• Must report destruction, loss, alteration, unauthorised
disclosure of or access to people’s data.
• Report to individuals without delay. Report to ICO
within 72 hours where it could have a detrimental
impact on the individuals involved.

Data Protection Officer:
• Companies who monitor large numbers of people or
who process a lot of sensitive data.
•Central figure in company’s data protection /
processing.

Question 7

What is BIM?

Answer 7

Building Information Modelling is a process for creating and managing information on a construction project across the project lifecycle.

One of the key outputs of this process is the Building Information Model, the digital description of every aspect of the built asset.

This model draws on information assembled collaboratively and updated at key stages of a project.

Question 8

What are the different level’s of BIM?

Answer 8

Level 0
• No collaboration
• 2D CAD

Level 1
• No collaboration.
• 3D CAD for concept work and 2D for statutory approvals.
• Information sharing system e.g. 4Projects used, usually managed by the contractor.
• Standard of most projects.

Level 2
• Collaborative working.
• All parties used 3D CAD models.
• Design information is shared through a common file format, which enables any organisation to be able to combine that data with their own in order to make a federated BIM model, and to carry out interrogative checks on it.

Level 3 (Open BIM)
• Full collaboration.
• All parties contribute to a single, shared project model which is held in a centralized repository.
• All parties can access and modify that same model, and the benefit is that it removes the final layer of risk for conflicting information.

4D – use of data to analyse programme

5D – Integration of cost information

6D – Use of information for facilities management

Question 9

What document and data control systems do you employ on your projects?

Answer 9

Workspace system which manages correspondence, drawings etc. and is accessible to all the project team.

Question 10

What is the Statutory Requirement for Data Management?

Answer 10

• The Data Protection Act 1995.

* Freedom of Information Act 2000.

Question 11

What is the Freedom of Information Act?

Answer 11

The Freedom of Information Act 2000 provides public access to information held by public authorities.

It does this in two ways:

• Public authorities are obliged to publish certain
information about their activities; and

• Members of the public are entitled to request
information from public authorities.