Data Management

Question 1

How long do you need to keep data for?

Answer 1

6 years - if contract is signed underhand
12 years - if contract is signed as a deed

RICS recommends up to 15 years - this is limitation period for most legal claims

Question 2

What types of data systems are used in your company?

Answer 2

Shared hard drives
Back up servers
Project intranet
Microsoft teams
Dropbox

Question 3

What are the benefits of cloud based storage?

Answer 3

1) Easy access anywhere in the world
2) Secure / password protected
3) Low set up cost
4) Access control / restrictions available for confidential files and folders

Question 4

What sources of pricing data are available?

Answer 4

1) BCIS
2) Pricing Books - SPONS
3) Benchmarking
4) In house records / data

Question 5

What are pricing books?

Answer 5

Assist with estimating and valuing variations

Pricing books cover all major areas of construction process

Question 6

What is the BCIS?

Answer 6

Building Cost Information Service
Provides cost and price data for the UK construction industry
Data will help produce specific estimates for option appraisals, provide early cost advice and plans costs and benchmarks

Question 7

What is the Data protection Act 2018?

Answer 7

Act of parliament to make new provision for the regulation of the processing of data relating to individuals

Question 8

What is GDPR?

Answer 8

General Data Protection Regulations

Regulation in EU law on data protection and privacy in the EU.

Question 9

Who are the key figures identified within GDPR?

Answer 9

Data Controller - How and why data is collected /used

Data Processor - processes data on behalf of controller

Data Subject - person whom data is about

Data Protection Officer - guarantor of compliance with data protection regulations

Question 10

What are the 7 key principles of GDPR?

Answer 10

1) Lawfulness
2) Purpose limitation
3) Data Minimisation
4) Accuracy
5) Storage Limitation
6) Integrity and Confidentiality
7) Accountability

Question 11

What are the 8 individual rights under GDPR?

Answer 11

1) To be informed
2) To access
3) To rectification
4) To erasure
5) To restrict processing
6) To data portability
7) To object
8) To automated decision making and profiling

Question 12

Who enforces GDPR?

Answer 12

The Information Commissioner’s Office

Question 13

What is the freedom of Information Act 2010?

Answer 13

Provides public access to information held by public authorities

2 ways it does this;
1) public authorities are obliged to publish certain info about their activities

2) The public are entitled to request information from public authorities

Question 14

If you intend to destroy a document, what things must you consider beforehand?

Answer 14

• is it the doc the original contract / legal document
• could it be required for litigation / other proceedings
• does it relate to a live project
• is a back up copy available

Question 15

What measures could be taken to protect commercially sensitive information?

Answer 15

• have an NDA in place
• Physical separation of staff
• Locked filing cabinets
• password protected servers / files

Question 16

Are there ways that we can protect data when we are transferring on a client’s behalf?

Answer 16

Encryption and password locking
mark as confidential
record special delivery
use secure networks and software

Question 17

What is an information barrier?

Answer 17

Physical or electronic separation of individuals within the same firm
aim to protect confidential data

Question 18

What is personal data?

Answer 18

Any info that relates to living person who can be identified by that data

Facts - Name / address / DoB / Photos
Opinions - CV’s / Salary details / Client ratings
Correspondence- letters / emails / texts / contact details

Question 19

What is non personal data?

Answer 19

any info that relates to a living person who cannot be identified by that data

Question 20

What is sensitive data?

Answer 20

Data that could harm or distress if improperly used
Need consent and authorisation to store
- racial or ethnic origin
- religious / political beliefs

Question 21

What is a data subject?

Answer 21

person who is subject of the personal data being held

Question 22

What is a data controller?

Answer 22

Person who decides on purpose for which data is collected

Ensure that the data processor’s contracts complies with GDPR

Question 23

What is a data processor?

Answer 23

Person who processes the data
can be same person as data controller
GDPR requires them to maintain records of processing activities in event of a breach

Question 24

Where should serious breaches of data be reported to?

Answer 24

Information Commissioner’s Office (ICO)

Question 25

Difference between GDPR and Data Protection Act 2008?

Answer 25

The act is a complete data protection system. It governs general data covered by GDPR as well as all other general data

all other data - law enforcement data / national security data