Data Management Flashcards
How long do you need to keep data for?
6 years - if contract is signed under hand
12 years - if contract is signed as a deed
RICS recommends up to 15 years - this is limitation period for most legal claims
What types of data systems are used in your company?
Shared hard drives, back up servers, project intranet, Microsoft Teams, Dropbox
What are the benefits of cloud based storage?
1) Easy access anywhere in the world
2) Secure / password protected
3) Low set up cost
4) Access control / restrictions available for confidential files and folders
What sources of pricing data are available?
1) BCIS
2) Pricing Books - SPONS
3) Benchmarking
4) In house records / data
What are pricing books?
Assist with estimating and valuing variations
Pricing books cover all major areas of construction process
What is the BCIS?
Building Cost Information Service
Provides cost and price data for the UK construction industry
Data will help produce specific estimates for option appraisals, provide early cost advice, and plan costs and benchmarks
What is the Data Protection Act 2018?
Act of parliament to make new provision for the regulation of the processing of data relating to individuals
What is GDPR?
General Data Protection Regulations
Regulation in EU law on data protection and privacy in the EU.
Who are the key figures identified within GDPR?
Data Controller - How and why data is collected /used
Data Processor - processes data on behalf of controller
Data Subject - person whom data is about
Data Protection Officer - guarantor of compliance with data protection regulations
What are the 7 key principles of GDPR?
1) Lawfulness
2) Purpose limitation
3) Data Minimisation
4) Accuracy
5) Storage Limitation
6) Integrity and Confidentiality
7) Accountability
What are the 8 individual rights under GDPR?
1) To be informed
2) To access
3) To rectification
4) To erasure
5) To restrict processing
6) To data portability
7) To object
8) To automated decision making and profiling
Who enforces GDPR?
The Information Commissioner’s Office
What is the Freedom of Information Act 2010?
Provides public access to information held by public authorities
It does this in 2 ways:
1) public authorities are obliged to publish certain info about their activities
2) The public are entitled to request information from public authorities
If you intend to destroy a document, what things must you consider beforehand?
- is the doc the original contract / legal document
- could it be required for litigation / other proceedings
- does it relate to a live project
- is a back up copy available
What measures could be taken to protect commercially sensitive information?
- have an NDA in place
- Physical separation of staff
- Locked filing cabinets
- password protected servers / files
Are there ways that we can protect data when we are transferring on a client’s behalf?
Encryption and password locking
mark as confidential
record special delivery
use secure networks and software
What is an information barrier?
Physical or electronic separation of individuals within the same firm
aim to protect confidential data
What is personal data?
Any info that relates to a living person who can be identified by that data
Facts - Name / address / DoB / Photos
Opinions - CVs / Salary details / Client ratings
Correspondence - letters / emails / texts / contact details
What is non personal data?
any info that relates to a living person who cannot be identified by that data
What is sensitive data?
Data that could harm or distress if improperly used
Need consent and authorisation to store
- racial or ethnic origin
- religious / political beliefs
What is a data subject?
person who is subject of the personal data being held
What is a data controller?
Person who decides on purpose for which data is collected
Ensures that the data processor’s contracts comply with GDPR
What is a data processor?
Person who processes the data
can be same person as data controller
GDPR requires them to maintain records of processing activities in event of a breach
Where should serious breaches of data be reported to?
Information Commissioner’s Office (ICO)
Difference between GDPR and Data Protection Act 2008?
The Act is a complete data protection system. It governs general data covered by GDPR as well as all other general data
all other data - law enforcement data / national security data