Data Management Flashcards
How long should you keep data for?
6 years if contract is signed under hand
12 years if contract is signed under deed
RICS recommend 15 years as this is the limitation period for most legal claims
What types of data systems are used in your organisation?
- Shared drives
- Backup servers
- SharePoint
- Online software such as Microsoft Teams
- Project extranets
What is a project extranet (CDE)?
A computer network that allows external parties to view project files on a secure platform.
What are the advantages and disadvantages of a project extranet?
Adv:
- Improved communication
- 24 hour access
- Efficient
- Secure
Disadv:
- Can be expensive
- Requires maintenance
- May require user training to operate
What are the benefits of cloud-based storage?
- Easy access anywhere in the world
- Secure
- Low set up costs
What sources of pricing data are available?
- BCIS
- Spon's and other pricing books
- In-house data
- Benchmarking
What are pricing books?
They are books which cover costs of all major areas of the construction process to assist with estimating and valuing variations.
What is BCIS?
Building Cost Information Service
- Provides cost and price data for the UK construction industry useful for estimates, appraisals and benchmarking.
- Run by RICS
What is the Data Protection Act 2018?
- Controls how your personal information is used by organisations, businesses or the government
- The UK’s implementation of GDPR
What is GDPR?
- EU law on data protection and privacy in the EU and EEA.
- Also covers transfer of data outside the EU and EEA.
What is the purpose of GDPR?
- Harmonise data laws across EU member countries providing greater protection rights to individuals.
- Alter how businesses and organisations handle personal data.
- Large fines and reputational damage for those in breach.
Key persons under GDPR?
Data controller:
- Person that decides how and why to collect and use data. Must make sure processing of data complies.
Data processor:
- Any person who processes data on behalf of the controller
Data subject:
- The individual whose personal data it is
Data Protection Officer:
- Guarantor of compliance within an organisation
What constitutes personal data?
Any information related to a data subject that can be used directly or indirectly to identify the person.
- Name, photo, email, bank details, IP address, medical information
Difference between data controller and processor?
Data controller determines the purpose, conditions and means of processing data. The processor just processes data.
7 key principles of GDPR?
1) Lawfulness, fairness and transparency
2) Purpose limitation
3) Data minimisation
4) Accuracy
5) Storage limitation
6) Integrity and confidentiality
7) Accountability
8 individual rights under GDPR?
1) To be informed
2) To access
3) To rectification
4) To erasure
5) To restrict processing
6) To data portability
7) To object
8) To automated decision making and profiling.
Who enforces GDPR?
The Information Commissioner's Office
What is the Freedom of Information Act 2000?
Provides public access to information held by public authorities.
1) Public authorities are obliged to publish certain information
2) Public are entitled to request info from public authorities
If you intend to destroy a document, what things should you consider beforehand?
- Is it required to be kept?
- Could it be required for legal proceedings?
- Does it relate to a live project?
- Is a back-up copy available?
What measures can be taken to protect commercially sensitive information?
- Nondisclosure agreements
- Physical separation of staff
- Password protected files/servers
How can we protect data when transferring to a client?
- Encryption and password locking
- Recorded special delivery
- Mark as confidential
- Using secure networks and software
What is an information barrier?
Physical/electrical separation of individuals within the same firm, with the purpose of protecting confidential information.
What was in place to protect people’s data before the Data Protection Act 2018/GDPR?
Data Protection Act 1998
Who does GDPR affect?
All companies that collect or process personal information on EU citizens regardless of where they are based
DPA 2018 vs 1998
- 2018 is binding rather than directive
- Wider definition of personal data
- Consent policies
- Obliged to report breach
- More serious penalties
Penalty under GDPR?
20m euros or 4% of annual turnover, whichever is larger
How do you use historic data for current day projects?
- Use inflation indices to rebase data
- Use location factors to rebase data
- Ensure any confidential information is hidden
Why would you use in house data over BCIS?
As useful as BCIS is, in-house data can be very bespoke if we do the same type of building in the same place regularly (lucky GT is v big firm)
What is data management?
The practice of collecting, keeping and using data securely, efficiently and cost effectively.
Soft vs hard data?
Hard data is measurable, usually collected from qualitative sources.
Soft data is less qualitative, e.g., opinions
Examples of sensitive data with stronger legal protection?
Ethnicity, religion, health, criminal records
What do you do if you breach GDPR?
Report to the ICO within 72 hours of the breach