Data Management Flashcards

1
Q

What is a Subject Access Request?

A

When a user requests information under Article 15 of GDPR

2
Q

If a tenant would like access to some CCTV footage, what is required?

A

Subject Access Request

  • liaise with data protection officer on what is required and what can be given
3
Q

What are the fines for breaching GDPR?

A

4% of global annual turnover or up to 20 million euros

4
Q

What is a firewall?

A

Network security system that monitors and controls incoming and outgoing network traffic, based on predetermined security rules

5
Q

What is encryption?

A

Mathematical function that codes data so only authorized users can access it
- Makes readable text unreadable unless a code or decryption key is known

6
Q

What are the principles of GDPR and DPA 2018?

A

Information must be used lawfully and transparently
Information must be collected for a legitimate and specified purpose
Information must be adequate and limited to necessity
Information must be accurate and kept up to date
Information must be kept safe and no longer than necessary

7
Q

What are the obligations of GDPR?

A

Must have knowledge of the data you store and process
Must be able to delete every instance of an individual's data
Must demonstrate compliance in managing data
Must offer data portability
Must be able to prove how information is being processed

8
Q

What are individuals' rights with respect to data?

A

Right to be informed
Right to access
Right to rectification
Right to restrict processing
Right to erasure
The right to Object
Right to data portability

9
Q

How do you treat / manage confidential information?

A

Conduct data reviews
Anonymise data where possible
Encrypt data where possible
Treat commercial data as personal data
Understand what data we hold and how it is processed
Password protection and secure data sites
Use of firewalls
Have a breach policy response

10
Q

How do you protect data?

A

Anonymise data where possible
Encrypt data where possible
Understand what data we hold and how it is processed
Password protection and secure data sites
Use of firewalls
Report suspected breaches
Have a breach policy response

11
Q

What other legislation is there relating to data management apart from GDPR and the Data Protection Act 2018?

A

Freedom of Information Act 2000
Limitations Act 1980

12
Q

How long can you hold data for?

A

No specific time limit – GDPR says no longer than necessary. The organisation's privacy policy should dictate
As short as possible and as agreed with the data subject

13
Q

Why was GDPR introduced?

A

To consolidate data protection laws across EU member countries and provide greater protection and rights to individuals

14
Q

Why is it important that data is uploaded correctly?

A

To ensure protection of individuals' data and compliance with legislation

15
Q

When are you allowed to upload data / share data? How did you know you were allowed to do this?

A

The firm's privacy notice dictates what data we hold, how it is processed and also how and when we might share with a third party and which third party it would be shared with.
For example, at the sale of a property.
This privacy notice is issued to all tenants.

16
Q

How have consent conditions been strengthened under GDPR?

A

Consent must be clear and indistinguishable from other matters
Consent must be provided in an intelligible and easily accessible form, using clear and plain language
Must be as easy to withdraw consent as it is to give consent

17
Q

When can an individual request for their information to be deleted?

A

If an individual's data has been unlawfully processed
If an individual's data is no longer necessary for the purpose it was originally collected

18
Q

What is privacy of design and is it a legal requirement?

A

Implementation of security systems into the original design of management systems as opposed to later additions – yes it’s a legal requirement

19
Q

List the 7 key principles of GDPR?

A
  1. Lawfulness, fairness and transparency
  2. Purpose Limitation
  3. Data minimisation
  4. Accuracy
  5. Storage Limitations
  6. Integrity and Confidentiality
  7. Accountability
20
Q

What are the consequences of non-compliance with GDPR for a firm?

A

Fines of up to 20 million euros or up to 4% of total global revenue of the preceding year, whichever is greater

21
Q

How long can you hold data for?

A

Shortest time is 6 years for accounting VAT/tax purposes but the limitation Act 198- provides for a period of up to 15 years for a professional negligence claim.

Depends on different factors though such as, do they include any original contracts or leases, do they relate to a current project, do you need them to justify your fees, are the files relevant to any disputes and are they needed for any litigation.

22
Q

If an assignment is completed on a lease, please can you confirm how long you should hold the assignor information for on the system?

A

Would depend on the terms of the assignment
Is there an AGA in place? If so, you would hold the assignor details until the end of the lease and then 6 plus one year.

Same for privity of contract

Could also argue you can hold details until arrears are cleared in full

23
Q

What did you actually have to do in the sale of spreadeagle? You say you provided information, what sort of format did you put that information together in?

A

Assist solicitors with questions from the purchaser and provide requested documents such as property info and H&S compliance info (i.e. answers to CPSE)
Uploaded to a secure data room which is password protected and protected by a firewall.
Anonymised data where possible

24
Q

What are CPSEs?

A

Commercial Property Standard Enquiries

25
Q

Who was responsible for the security of the data room?

A

The solicitors

26
Q

How was the data room secured?

A

Only authorized users could access it – password protected
Also protected by a firewall

27
Q

Did you have access to the data room?

A

Yes, I was provided a username and password to upload requested information

28
Q

What typically would you expect to find in a data room for a sale of this sort of property?

A

CPSE responses
H&S compliance information
Property information such as title plans
Leases and licences
Budgets and reconciliations
H&S reports and environmental reports
Refurbishment / project works completion statements and warranties

29
Q

What is the current legislation we adhere to in the UK for data protection?

A

Data Protection Act 2018

30
Q

What does the data protection act include?

A

EU GDPR

31
Q

What does GDPR stand for?

A

General Data Protection Regulation

32
Q

What rights do the public have on their data?

A

The right to information
The right to access
The right to erasure
The right to rectification
The right to restrict processing
The right to data portability
The right to object
The right to automated decision making

33
Q

What are the penalties of breach of GDPR / data protection?

A

4% of annual global turnover or 20 million euros

34
Q

How do you keep data secure within your office?

A

Follow our privacy policy:
Understand the data we hold and what it is used for
Understand when we can share the data and who with
Do not send sensitive data unless in accordance with privacy policy
Ensure all data is secure and only authorized users can access through password protection
Data is protected by firewall implemented by IT

35
Q

How do you ensure accuracy?

A

Have it checked by colleagues
Check against original documents

36
Q

What are the provisions of the Land Registry Act 2002?

A

Freeholds over 7 years require electronic registering
Aim to have all original documents registered electronically by 2030
Changes to adverse possession years