Data Management

Question 1

How long should you keep data for?

Answer 1

6 years if contract is signed under hand

12 years if contract is signed under deed

RICS recommend 15 years as this is the limitation period for most legal claims

Question 2

What types of data systems are used in your organisation?

Answer 2

• Shared drives
• Backup servers
• Sharepoint
• Online softwares such as microsoft teams
  -Project extranets

Question 3

What is a project extranet (cde)?

Answer 3

A computer network that allows external parties to view project files on a secure platform.

Question 4

What are the advantages and disadvantages of a project extranet?

Answer 4

Adv:
- Improved communication
- 24 hour access
- Efficient
- Secure

Disadv:
- Can be expensive
- Requires maintenance
- May require user training to operate

Question 5

What are the benefits of cloud-based storage?

Answer 5

• Easy access anywhere in the world
• Secure
• Low set up costs

Question 6

What sources of pricing data are available?

Answer 6

• BCIS
• Spons and other pricing books
• In house data
• Benchmarking

Question 7

What are pricing books?

Answer 7

They are books which cover costs of all major areas of the construction process to assist with estimating and valuing variations.

Question 8

What is BCIS?

Answer 8

Building Cost Information Service
- Provides cost and price data for the UK construction industry useful for estimates, appraisals and benchmarking.
- Run by RICS

Question 9

What is the data protection act 2018?

Answer 9

• Controls how your personal information is used by organisations, businesses or the government
• The UK’s implementation of GDPR

Question 10

What is GDPR?

Answer 10

• EU law on data protection of privacy in the EU and EEA.
• Also covers transfer of data outside the EU and EEA.

Question 11

What is the purpose of GDPR?

Answer 11

• Harmonise data laws across EU member countries providing greater protection rights to individuals.
• Alter how businesses and organisations handle personal data.
• Large fines and reputational damage for those in breach.

Question 12

Key persons under GDPR?

Answer 12

Data controller:
- Person that decided how and why the collect and use data. Must make sure processing of data complies.

Data processor:
- Any person who processes data on behalf of the controller

Data subject:
- The individual who’s personal data it is

Data Protection Officer:
- Guarantor of compliance within an organisation

Question 13

What constitutes personal data?

Answer 13

Any information related to a data subject that can be used directly or indirectly to identify the person.
- Name, photo, email, bank details, IP address, medical information

Question 14

Difference between data controller and processor?

Answer 14

Data controller determines the purpose, conditions and means of processing data. The processor just processes data.

Question 15

7 key principles of GDPR?

Answer 15

1) Lawfulness, fairness and transparency
2) Purpose limitation
3) Data minimisation
4) Accuracy
5) Storage limitation
6) Integrity and confidentiality
7) Accountability

Question 16

8 individual rights under GDPR?

Answer 16

1) To be informed
2) To access
3) To rectification
4) To erasure
5) To restrict processing
6) To data portability
7) To object
8) To automated decision making and profiling.

Question 17

Who enforces GDPR?

Answer 17

The information commissioners office

Question 18

What is the freedom of information act 2000?

Answer 18

Provides public access to information held by public authorities.
1) Public authorities are obliged to publish certain information
2) Public are entitled to request info from public authorities

Question 19

If you intend to destroy a document, what things should you consider beforehand?

Answer 19

• Is it required to be kept?
• Could it be required for legal proceedings?
• Does it relate to a live project?
• Is a back-up copy available?

Question 20

What measures can be taken to protect commercially sensitive information?

Answer 20

• Nondisclosure agreements
• Physical separation of staff
• Password protected files/servers

Question 21

How can we protect data when transferring to a client?

Answer 21

• Encryption and password locking
• Recorded special delivery
• Mark as confidential
• Using secure networks and software

Question 22

What is an information barrier?

Answer 22

Physical/electrical separation of individuals within the same firm, with the purpose of protecting confidential information.

Question 23

What was in place to protect people’s data before the data protection act 2018/GDPR?

Answer 23

Data protection act 1998

Question 24

Who does GDPR affect?

Answer 24

All companies that collect or process personal information on EU citizens regardless of where they are based

Question 25

DPA 2018 vs 1998

Answer 25

• 2018 is binding rather than directive
• Wider definition of personal data
• Consent policies
• Obliged to report breach
• More serious penalties

Question 26

Penalty under GDPR?

Answer 26

20m euros or 4% of annual turnover; the larger

Question 27

How do you use historic data for current day projects?

Answer 27

• Use inflation indices to rebase data
• Use location factors to rebase data
• Ensure any confidential information is hidden

Question 28

Why would you use in house data over BCIS?

Answer 28

As useful as BCIS is, in-house data can be very bespoke if we do the same type of building in the same place regularly (lucky GT is v big firm)

Question 29

What is data management?

Answer 29

The practice of collecting, keeping and using data securely, efficiently and cost effectively.

Question 30

Soft vs hard data?

Answer 30

Hard data is measurable, usually collected from qualitative sources.

Soft data is less qualitative, e.g., opinions

Question 31

Examples of sensitive data with stronger legal protection?

Answer 31

Ethnicity, religion, health, criminal records

Question 32

What do you do if you breach GDPR?

Answer 32

Report to ICO in 72 hours of breach