Data Management Flashcards
What is GDPR?
EU General Data Protection Regulation 2016 (GDPR)
What is the Data Protection Act 2018?
The UKs implementation of GDPR
When did the Data Protection Act come into force?
25th May 2018 -> replaced Data Potection act 1998
Is there any RICS guidance on Data Management?
(archived) RICS Guidance Note - Electronic Document Management
When did GDPR come into force?
May 2018 (same as DPA 2018)
Why was the Data Protection Act 2018 introduced?
1998 Act -> brought in to cover modern data and technology
2018 Act -> to incorporate new EU GDPR legislation
What are the principles of GDPR and DPA 2018?
- Information used lawfully, fairly and transparently
- collected for specified, explicit, and legitimate purposes
- Adequate, relevant and limited to necessity
- accurate (kept up to date)
- Kept no longer than necessary
- Kept safe
What are the individual rights under GDPR and DPA 2018?
- To be informed
- To access
- To rectification
- To erasure
- To restrict processing
- To data portability
- To object
- To automated decision making and profiling
What are th penalties under GDPR and DPA 2018?
Fines (4% of annual global turnover or 20 million Euros)
What is the purpose of GDPR?
Protect citizens data
What constitutes personal data?
Information relating to a person to identify that person
e.g. names, photo, email, bank details, IP address
Give some examples of personal data under GDPR that could apply to the property companies
- Data relating to investors
- Fund managers
- Valuations
- Compliance
- Bookkeeping payroll
- Background checks
- HR
Are any organisations exempt from GDPR?
Exceptions for organisations with fewer than 250 employees
Private individuals not engaged in business activities
What is the ‘right to access’ under GDPR?
Individuals have the right to obtain confirmation that their data is being processed, access to their personal data and other supplementary information
How are breaches often discovered?
Access logs, reported thefts, lost equipment, or data security incident
How have consent conditions been strengthened under GDPR?
Consent must be given with the purpose for data procesing attached to that consent
- Consent must be clear and indistinguishable from other matters and provided in an intelligible and easily accesible form, using clear and plain language
- It must be as easy to withdraw consent as it is to give it
What is the right to be forgotten under gDPR?
Under Article 17 of the GDPR, individuals have the right to have personal files erased in certain circumstances
- i.e Data is no longer necessary for original purpose
- Data has been processed unlawfully
What is data portability?
Introduced by GDPR
- The right for a data subject to receive personal data concerning them which they have previously provided in a ‘commonly ue and machine readable format’ and have the right to transmit that data to another controller
What is privicy by design?
Legal requirement under GDPR
- Calls for the inclusion of data protection from the onset of designing systems, rather than as an addition
What is a data protection officer?
An individual appointed to monitor internal compliance, inform and advise on an organisations’ data protection obligations
Only required if organisation is a public body or authority or if the organisation carries out certain types of processing activities