Data Management

Question 1

Principles of GDPR and DPA (6 Principles)

Answer 1

Information used lawfully, fairly and transparently.
Collected for specified, explicit and legitimate purpose.
Adequate, relevant and limited to necessity.
Accurate (kept up to date)
Kept no longer than necessary
Kept safe

Question 2

Individual Rights of GDPR and DPA (8 key points)

Answer 2

To be informed
To access
To rectification
To erasure
To restrict processing
To data portability
To object
To automated decision making & profiling

Question 3

GDPR and DPA Penalties

Answer 3

Fines (4% of annual global turnover or 20 million euros)

Question 4

What is ISO 9001:2015

Answer 4

Sets requirements on how firms should control data and documents relevant to the service they provide.
Sets requirements for a company’s Quality Management System (QMS), which is about the management of the entire enterprise and its operational processes.

Question 5

What security measure do you have for storing electronic data?

Answer 5

Only available from internal intra net which is password protected.

Question 6

What sources of data are available in your field of expertise?

Answer 6

• Comparable sales data from MoveMachine, Rightmove Plus, Propvals etc.
• SEPA flood maps.
• Coal Mining maps from Coal Authority.
• Radon maps
• OS Maps

Question 7

What is the most appropriate way to store client information in house?

Answer 7

• Password protected with encryption behind firewalls, if digitally stored
• Lock and key in house or a secure storage facility offsite.

Question 8

What is GDPR?

Answer 8

It replaced the Data Protection Act 1998 and is a regulation in EU law. It gives citizens more control over their personal data and how it is used as well as improving security of stored data so that it is not freely shared with third parties without informed consent

Question 9

When did GDPR come in to effect?

Answer 9

25th May 2018

Question 10

What type of data cannot be stored or kept and should be shredded or professionally disposed of and why?

Answer 10

Personal data should be only stored for as necessary to process. Organisations must ensure data is deleted when no longer required to ensure it will not be inaccurate or out of date.

Question 11

How do the recent changes in GDPR affect your day to day activities?

Answer 11

Our department has been relatively unaffected as our processes were appropriate under GDPR. However, I am aware that we have had to re-issue consent forms to ensure we are compliant when sending out mail shots to clients.

Question 12

Are you required to keep certain documents for any length of time?

Answer 12

Yes files should be retained for a minimum of 6 years.