Data Management Flashcards
What is GDPR?
EU General Data Protection Regulation
What is the purpose of GDPR?
Protects citizens' personal data
What constitutes personal data?
Any information relating to a person / Data Subject that can be used to identify them
E.g. names, photos, email addresses, bank details
Examples of personal data under GDPR that could apply to property companies?
- investors' / fund managers' data
- valuations
- background checks by HR
- compliance checks
To what organisations does GDPR apply?
All organisations with more than 250 employees
What are penalties for GDPR breaches?
4% of annual global turnover or 20 million euros (whichever is greater)
What is the ‘right to access’ under GDPR?
Individuals have the right to obtain confirmation that their data is being processed, and to access their personal data
What is a breach notification under GDPR?
- need to report breach within 72 hours of becoming aware of it
- if breach is high risk, then notify individual(s) impacted without delay
How are data breaches typically discovered?
- access logs
- reported thefts
- lost equipment
- data security incident
How have consent conditions been strengthened under GDPR?
- consent must be given using plain and clear language
- it must be as easy to withdraw consent as it is to give it
What is the ‘right to be forgotten’ under GDPR?
Individuals have the right to have personal data erased in certain circumstances
- data no longer necessary
- data has been processed unlawfully
What is data portability?
The right for a data subject to receive personal data concerning them, which they have previously provided, and have it transferred to another controller
What is privacy by design?
- legal requirement under GDPR
- calls for inclusion of data protection from the onset of designing systems, rather than as an addition
Data Protection Officer
- individual appointed to monitor internal compliance
- they advise on an organisation's data protection obligations
Examples of data held by surveying practices?
- payroll and HR information
- customer data for marketing
- emails relating to clients / employees