Data management Flashcards

1
Q

What legislation can you name that applies to data protection in the UK?

A
  • The Data Protection Act 2018.
  • UK General Data Protection Regulation (GDPR).
2
Q

What is the Data Protection Act 2018?

A
  • The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).
  • It controls and stipulates how personal information is used by organisations, businesses and the government.
  • These parties must follow data protection principles which stipulate that information is:
  1. Used fairly, lawfully and transparently.
  2. Used for specified, explicit purposes.
  3. Used in a way that is adequate, relevant and limited to only what is necessary.
  4. Accurate and, where necessary, kept up to date.
  5. Kept for no longer than necessary.
  6. Handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage.
  • The Act also strengthens the protection for sensitive information such as race, political opinions, religious beliefs etc.
  • It gives individuals the right to be notified of a data hack, to request the information an organisation holds about them and to request a copy of that information (with exceptions, e.g. where it relates to the prevention, detection or investigation of a crime, or to national security).
3
Q

What happens if a firm is in breach of the Data Protection Act 2018?

A

  • A fine of up to £17.5 million or 4% of the total annual worldwide turnover in the preceding financial year, whichever is higher.
  • The Act does stipulate some exceptions to breach: processing for journalistic and academic purposes, to allow for freedom of expression and the right to privacy.
4
Q

What does the Data Protection Act 2018 recommend organisations do to keep data safe?

A
  • Carry out a data protection impact assessment to determine risks inside and outside of an organisation.
  • Employ an independent data protection officer to monitor internal compliance (actually compulsory for public organisations).
5
Q

What is personal data?

A

Personal data refers to any information which can be connected to an identifiable living individual such as a name or ID number. It can also include biometric data which is generated through specific processing related to the physical, physiological or behavioural characteristics of an individual, enabling easy identification from DNA, fingerprints or facial recognition software.

6
Q

What is processing?

A

Processing relates to any operation which is carried out on personal data, including recording, storing, altering or disclosing it to others as well as its restriction, erasure or destruction.

7
Q

What is an identifiable living individual under the Data Protection Act 2018?

A

An identifiable living individual is defined within the Act as someone who can be identified, directly or indirectly, by reference to an identifier such as their name, ID number or location data, for example an IP address.

8
Q

What is a controller under the Data Protection Act 2018?

A

An individual who decides how and why data will be processed, either operating alone or in conjunction with others. Before data is processed, the controller is responsible for considering the impact the proposed processing could have on the rights and freedoms of the individuals whose information will be affected.

9
Q

What is a processor under the Data Protection Act 2018?

A

A processor reports to the controller and is responsible for processing personal data on the controller’s behalf. The processor nonetheless retains accountability for any information it processes and could be found liable if a data breach occurs.

10
Q

Under the Data Protection Act 2018 how quickly should an organisation release a copy of data upon request of an individual?

A

As soon as possible, but no later than a month after receiving the request for information.

11
Q

What authority enforces information rights in the UK?

A

ICO - International Commissioners Office

12
Q

What principles does the UK GDPR set out?

A
  • Lawfulness, fairness and transparency – keep the individual fully informed.
  • Accuracy – where necessary keep data up to date, and erase inaccurate personal data without delay.
  • Data minimisation – collect only the minimum data you need.
  • Storage limitation – retain the data for a necessary, limited period and then erase it.
  • Purpose limitation – you must inform your clients about the purpose of the data collection.
  • Accountability – record and prove compliance.
  • Security (integrity and confidentiality) – keep it secure, e.g. in a locked filing cabinet or behind a firewall.
13
Q

How have you changed the way you manage data during COVID-19 and home working?

A
  • Only use company owned work equipment and storage of hard copies of files is limited to the office.
  • Regular updates for passwords etc.
  • Log into secure intranet - no files downloaded locally.
14
Q

How do you ensure the data that you hold on your clients is kept secure and confidential?

A

  • Limit access to sensitive data.
  • Use strong passwords to protect resident details.
  • Firewalls and antivirus protection.
  • Dedicated server.
  • Stay on top of security updates.

15
Q

Why do you keep company data for 12 years?

A

It is a requirement of our PII insurance that all contracts under deed are kept for a minimum of 12 years, and contracts under hand for 6 years. I am aware of the Limitation Act, under which claims can be brought up to 15 years after the act of negligence.

16
Q

What should you do if there is a data breach?

A

Inform the Information Commissioner’s Office not later than 72 hours after becoming aware of it.

17
Q

Can you give me some examples of the data you manage?

A
  • Client details
  • Finances
  • Contact details
  • Project details
  • Complaints
  • etc.
18
Q

What are the UK GDPR Principles?

A

The UK GDPR sets out seven key principles:
• Lawfulness, fairness and transparency
• Purpose limitation
• Data minimisation
• Accuracy
• Storage limitation
• Integrity and confidentiality (security)
• Accountability

19
Q

What are the GDPR rights?

A

The UK GDPR provides the following rights for individuals:
• The right to be informed
• The right of access
• The right to rectification
• The right to erasure
• The right to restrict processing
• The right to data portability
• The right to object
• Rights in relation to automated decision making and profiling

20
Q

What is the process if there is a data breach?

A
  • The UK GDPR introduces a duty on all organisations to report certain personal data breaches to the relevant supervisory authority. You must do this within 72 hours of becoming aware of the breach, where feasible.
  • If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, you must also inform those individuals without undue delay.
  • You should ensure you have robust breach detection, investigation and internal reporting procedures in place. This will facilitate decision-making about whether or not you need to notify the relevant supervisory authority or the affected individuals, or both.
  • You must also keep a record of any personal data breaches, regardless of whether you are required to notify.
21
Q

What information databases do you use for your work?

A
  • BCIS
  • BRE
  • Planning portal
  • NBS product specifier
  • Government EPC database
22
Q

What is BCIS?

A
  • The Building Cost Information Service provides cost and price data for the UK construction industry. It is part of the Royal Institution of Chartered Surveyors.
  • It offers numerous product datasets, such as:
    BCIS Schedule of Rates
    BCIS Dilapidations Estimating Price Set

23
Q

What is BRE?

A

BRE is an independent and impartial, research-based advisory, testing and training organisation, offering expertise in every aspect of the built environment and associated industries.

It undertakes and publishes research to help tackle the current and future challenges of the built environment.

24
Q

Where does BCIS collect its data from?

A
  • From information submitted by its members; in return they receive a benchmark and a TPI (Tender Price Index) report.
25
Q

What is the Tender Price Index?

A

It measures the trend of contractors’ pricing levels in accepted tenders. BCIS offers this as a service.

26
Q

What are the benefits of using external data sources such as BCIS?

A
  • Industry wide data
  • Standardisation
  • Data management
27
Q

How do you ensure the data that you hold on your clients is kept secure and confidential?

A
  • We use an online system to carry out checks.
  • We operate a clear desk policy.
  • Shredding of details etc.
  • Two-factor authentication on IT systems.
28
Q

How long do you keep clients’ data and how do you ensure it is deleted when necessary?

A

Dependent on the type of data and the contract:
• Under hand – 6 years
• Under deed – 12 years
• Limitation Act – 15 years

29
Q

What are the 8 rights under GDPR?

A

The Right to Information
The Right of Access
The Right to Rectification
The Right to Erasure
The Right to Restriction of Processing
The Right to Data Portability
The Right to Object
The Right to Avoid Automated Decision-Making

30
Q

What is BIM?

A
  • Building Information Modelling.
  • Building Information Modeling (BIM) is the holistic process of creating and managing information for a built asset. Based on an intelligent model and enabled by a cloud platform, BIM integrates structured, multi-disciplinary data to produce a digital representation of an asset across its lifecycle, from planning and design to construction and operations.
31
Q

What are the positives and negatives of BIM?

A

Positives

  • Improved collaboration - entire design team can view and amend the model and it is kept up to date.
  • Better visualisation.
  • More accessible - cloud based so can be accessed from anywhere within reason (even on site).
  • Allows modelling prior to construction, e.g. thermal modelling, allowing design flaws to be picked up early.
  • More environmentally friendly - can draw up plumbing plans before installation and configure to use the least amount of materials possible.

Negatives

  • Lack of experts available to use BIM.
  • Need to train current professionals to use the software - members of the design team.
  • Cost - Software requires substantial investment in technology, training and education.
  • End user engagement – need to enforce use by property managers to ensure the model isn’t wasted from the use stage onwards.
32
Q

What other software do you use for analysing data after a site visit?

A

Bluebeam Revu

33
Q

What is personal data?

A

Personal data is any information related to an identifiable person. It could include information such as age, race and gender.

34
Q

What authority enforces information rights in the UK?

A

The International Commissioners Office (the ICO).

35
Q

What is the International Commissioners Office (ICO)?

A

The UK’s independent authority set up to uphold information rights by enforcing the UK’s data protection legislation.

36
Q

What is the main legislation that governs data protection in the UK?

A
  • The Data Protection Act 2018.
  • UK General Data Protection Regulation (GDPR) – also came into force in 2018.
37
Q

What’s the difference between GDPR and UK GDPR? Does GDPR still apply to the UK?

A

UK GDPR was introduced under the Data Protection Act 2018 when the UK left the European Union. It is essentially the same legislation, but it allows the UK the freedom to adapt and continually review it, and it contains additions regarding the transfer of data and information between the UK and the European Union.

Yes, GDPR still applies in UK common law.

38
Q

What is the Data Protection Act 2018?

A
  • The UK’s revision of the GDPR (EU)
  • It stipulates how personal information is used by organisations, businesses and government.
  • The Act sets out data protection principles that these parties must adhere to, which stipulate that information is:
  1. Used fairly, lawfully and transparently.
  2. Used for specified, explicit purposes.
  3. Accurate and where necessary up to date.
  4. Kept for no longer than necessary.
  5. Handled in a way that ensures appropriate security.
  • The act also gives individuals the right to be notified of a data hack and allows them to request information an organisation may have about them, but this excludes instances when that information is sensitive for crime or national security reasons.
39
Q

What happens if a firm is found to be in breach of the data protection act?

A

A fine of up to £20 million or 4% of the total worldwide turnover for the preceding financial year, whichever is higher!

40
Q

What are the exceptions that the Data Protection Act makes for the handling of personal data?

A

The Act does stipulate some exceptions to breaching of the Act, which include processing for journalistic reasons and academic purposes.

41
Q

What does the Data Protection Act recommend that organisations do in order to keep personal data safe?

A
  • Carry out a data protection impact assessment to determine risks inside and outside an organisation.
  • Employ an independent data protection officer to monitor internal compliance – this role is actually legally required for public organisations.
42
Q

How does your organisation deal with personal data?

A
  • It adheres to GDPR and the Data Protection Act by allowing any data subjects (people) to request the data we hold about them through a subject access request, which Hollis must fulfil within one month (in accordance with the DPA).
  • Our policy states that data subjects have the right of erasure if their data is being kept unnecessarily, and the right to receive confirmation of what personal data of theirs we hold.
  • We have a Data Protection Officer to determine and monitor personal data usage and the risk of any breaches.
43
Q

What does the data protection officer do?

A
  • Advises staff on data protection issues.
  • Notifies the ICO.
  • Reviews our data protection policy.
44
Q

How do you adhere to the Data Protection Act?

A
  • Ensure that I notify my secretary of any ‘dead job’, which can then be taken off our main system and put into more secure storage for 12 years (Limitation Act).
  • Ensure that all paperwork in the office is disposed of in our secured waste bin, which is then properly disposed of.
  • Change passwords on PC and phone regularly.
  • Inform our Data Protection Officer of any suspicious emails that I may have been targeted with.
45
Q

What is processing?

A

Any operation or set of operations which is performed on personal data whether or not by automated means. This can include alteration, use and storage.

46
Q

What is a data controller?

A

A person, agency or other body that determines the means of processing of personal data. The data controller is the company board.

47
Q

Under the Data Protection Act 2018 how quickly should an organisation release a copy of data upon request of an individual?

A

No later than one month from request.

48
Q

What is UK GDPR?

A
  • It forms part of the Data Protection Act and sets out key principles for how personal data is processed and the rights of individuals regarding how their data is used.
49
Q

What are the seven key principles of UK GDPR?

A
  • Lawfulness, fairness and transparency – fully inform the individual on what data is being used and how.
  • Purpose limitation – must inform clients about the purpose of data collection.
  • Data minimisation – collect only the minimum amount of data that you need.
  • Accuracy – where necessary, keep data up to date and erase any inaccurate personal data.
  • Storage limitation – only store for as long as necessary.
  • Security – keep it secure, within filing cabinets or behind a firewall etc.
  • Accountability – record and prove compliance.
50
Q

What are the 8 rights of individuals under GDPR? ROAR DIE A

A
  • The right to be informed – organisations need to tell individuals what data is being collected, how it is being used and how long it will be kept for.
  • The right of access – individuals can submit subject access requests.
  • The right to rectification – individuals can request that information is updated or amended if found to be incorrect.
  • The right to erasure – individuals can request erasure in some circumstances, e.g. if the data is no longer required or has been unlawfully processed.
  • The right to restriction of processing – individuals can request that an organisation limits how it uses their personal data.
  • The right to data portability – individuals have the right to request their data and use it for their own purposes.
  • The right to object.
  • The right to avoid automated decision making – individuals can request that this is not undertaken with their data for actions such as profiling.