Data Management Flashcards

1
Q

What is GDPR?

A

EU General Data Protection Regulation 2016 (GDPR)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is the Data Protection Act 2018?

A

The UKs implementation of GDPR

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

When did the Data Protection Act come into force?

A

25th May 2018 -> replaced Data Potection act 1998

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Is there any RICS guidance on Data Management?

A

(archived) RICS Guidance Note - Electronic Document Management

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

When did GDPR come into force?

A

May 2018 (same as DPA 2018)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Why was the Data Protection Act 2018 introduced?

A

1998 Act -> brought in to cover modern data and technology
2018 Act -> to incorporate new EU GDPR legislation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What are the principles of GDPR and DPA 2018?

A
  • Information used lawfully, fairly and transparently
  • collected for specified, explicit, and legitimate purposes
  • Adequate, relevant and limited to necessity
  • accurate (kept up to date)
  • Kept no longer than necessary
  • Kept safe
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What are the individual rights under GDPR and DPA 2018?

A
  • To be informed
  • To access
  • To rectification
  • To erasure
  • To restrict processing
  • To data portability
  • To object
  • To automated decision making and profiling
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What are th penalties under GDPR and DPA 2018?

A

Fines (4% of annual global turnover or 20 million Euros)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is the purpose of GDPR?

A

Protect citizens data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What constitutes personal data?

A

Information relating to a person to identify that person

e.g. names, photo, email, bank details, IP address

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Give some examples of personal data under GDPR that could apply to the property companies

A
  • Data relating to investors
  • Fund managers
  • Valuations
  • Compliance
  • Bookkeeping payroll
  • Background checks
  • HR
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Are any organisations exempt from GDPR?

A

Exceptions for organisations with fewer than 250 employees

Private individuals not engaged in business activities

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is the ‘right to access’ under GDPR?

A

Individuals have the right to obtain confirmation that their data is being processed, access to their personal data and other supplementary information

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

How are breaches often discovered?

A

Access logs, reported thefts, lost equipment, or data security incident

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

How have consent conditions been strengthened under GDPR?

A

Consent must be given with the purpose for data procesing attached to that consent
- Consent must be clear and indistinguishable from other matters and provided in an intelligible and easily accesible form, using clear and plain language
- It must be as easy to withdraw consent as it is to give it

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What is the right to be forgotten under gDPR?

A

Under Article 17 of the GDPR, individuals have the right to have personal files erased in certain circumstances

  • i.e Data is no longer necessary for original purpose
  • Data has been processed unlawfully
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What is data portability?

A

Introduced by GDPR
- The right for a data subject to receive personal data concerning them which they have previously provided in a ‘commonly ue and machine readable format’ and have the right to transmit that data to another controller

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

What is privicy by design?

A

Legal requirement under GDPR
- Calls for the inclusion of data protection from the onset of designing systems, rather than as an addition

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

What is a data protection officer?

A

An individual appointed to monitor internal compliance, inform and advise on an organisations’ data protection obligations

Only required if organisation is a public body or authority or if the organisation carries out certain types of processing activities

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Provide some examples of types of data held by surveying practices that are covered under GDPR?

A
  • Data held to help service a Client (accounting info, compliance systems)
  • Emails and other correspondence
  • Other physical records held on file
  • Customer data held for marketing purposes
22
Q

What are the obligations imposed by GDPR?

A
  • must have knowledge of the data you store and process (including its location and security)
  • Have to be able to delete every instance of an individuals data
  • Must demonstrate compliance in managing data
  • Must be able to prove how information is being used
  • Must offer data portability
23
Q

Who regulates GDPR in the UK?

A

The Informatio Commissioners office

24
Q

What are the RICS best practice points for compliance with GDPR?

A
  • Conduct data reviews to understand risks
  • Anonymise data where posisble
  • Encrypt where possible
  • Create breach policy response
  • Treat commercial data as personal data (even though not covered under GDPR)
  • Understand data processes
25
Q

What is your companys policy for data protection

A

Suspected breaches should be reported to the individual line mnagers or the firms data protection officer

26
Q

What is RICS best practice recommendations for using confidential information?

A
  • Think about whether the information helf is personal information or confidential information
  • Document processes for which you hold information and gaining consent to hold
  • Keep a record of consent for processing, storage and retention
  • Check if you have appropriate contractual clauses for use of the information or the data used is owned or licenced for that use
27
Q

WHat should be included in a firms privacy notice?

A
  • What information you have
  • What information will be used for
  • Which third parties you might share the information with
  • How long information is being kept for
  • What legal right the firm has
28
Q

What is SAR?

A

Subject Access Request
- Demand that the individual be given all the information a company holds on them

29
Q

What is the Freedom of Information Act and when did it come into force?

A

Freedom of Information Act 2000

  • Gives individuals the right of access to information held by public bodies
  • Public body must supply it in 20 working days (can charge a fee)
30
Q

What is requried for a Land Registry Compliant Plan?

A
  • Drawn to scale of 1:100 or 1:200
  • Have a scale measurement bar
  • Have the scale noted on a plan
  • INclude a 1:1250 scale map of the location
  • Full address
  • North point
  • Demise in red outline
31
Q

What are the proviions of the Land Registry Act (2002)?

A
  • A frame work for the electronic property surveyancing
  • All freeholds and leases over 7 years must be registered
  • New regime for adverse possession (over 10 years)
  • Works towards Land Registry’s goal of having all property registered electronically by 2030
32
Q

How do you comply with GDPR in your role?

A
  • I report suspected breaches
  • I do not give out confidential or personal information
  • I keep records of consent for processing, storing and retaining data
  • I understand the information we hold that is protected by GDPR
33
Q

Give me an example of how you process and handle confidential information?

A
  • I use document systems to add, amend and remove information - Data input forms
  • When sending information to solicitors, i ensure files are uploaded to a secure data room
  • Anonymised ELI information for TUPE
  • Password and account to enter management systems
34
Q

What does encryption mean?

A

Mathematical function that encodes data in such a way that only authorised users can access it

35
Q

WHat is a fire wall?

A

Network security system that monitors and controls incoming and outcgoing network traffic based on predetermined security rules

36
Q

Tell me about how you extract data from a source regularly used in your role

A

Extract data from leases and enter into a new lease input form. This is securely sent to Data Input who then upload the information to TRAMPS where the data is held securely for those with password access

37
Q

What is ISO 9001?

A

Sets out the requirement on how firms should control data and documents relevant to the service they provide

38
Q

What is the difference between a deed and a registered title?

A

Deed is a physical document declaring a persons legal ownership

Registered title is ownership recorded with Land Registry electronically

39
Q

Give me an example of a property information tool

A

Government search website - title register
Sharepoint
vRoom
Horizon
TRAMPS

40
Q

Can you tell me about the retention of files and the Limitations Act 1980?

A

Section 5 of Limitations Act 1980 says legal action must be brought within 6 years of issue arising

  • Business then have a responsibility to keep documents for at least 6 years after they expire
41
Q

What does the Privacy and Electronic Communications Regulations 2003 apply to?

A

Make it unlawful to transmit an automated recorded message for direct marketing purposes via telephone, without prior consent to the subscriber

42
Q

Give me an example of how you ensure thatdata is kept securely

A
  • Access is restricted to users by password
  • Firewalls in place by IT team to protect against hacking
  • Appropriate training undertaken to understand processes
43
Q

What is an AVM?

A

Automated Valuation Model
- Mathematical / Statistical modelling with databases of existing properties and transactions to calculate real estate values

44
Q

Does RICS provide any guidance on AVM?

A

RICS Road Map: Automated Valuation Models Roadmap for RICS members and stakeholders, 2021

45
Q

Explain the growing use of AVMs in the industry?

A

Use of computer modelling in the science of valuation has merit in a world with increased availability and use of data
- may reduce expensive litigation

46
Q

Are electronic signatures accepted by the Land Registry?

A

Yes, witnessed electronic signatures accepted from July 2020

47
Q

What type of documents can be signed electronically?

A

Deeds - must be witnessed
Contracts

48
Q

What is an Electronic Document Management System?

A

type of software that stores, organises and manages documents in the form of electronic files -> Sharepoint

49
Q

What is a breach notification under GDPR?

A

GDPR introduces a duty on all organisations to report certain data breaches to the relevant supervisory authority within 72 hours of becoming aware of the breach

  • WHere the breach is likely to result in a high risk of adversely affecting individuals rights, freedoms they must be informed without delay
50
Q

To what organisations does GDPR apply?

A

All organisations