Data Management Flashcards

1
Q

What is GDPR?

A

EU General Data Protection Regulation

2
Q

What is the purpose of GDPR?

A

Protects citizens' personal data

3
Q

What constitutes personal data?

A

Any information relating to a person / Data Subject that can be used to identify them

E.g. names, photos, email addresses, bank details

4
Q

Examples of personal data under GDPR that could apply to property companies?

A
  • investors' / fund managers' data
  • valuations
  • background checks by HR
  • compliance checks
5
Q

To what organisations does GDPR apply?

A

All organisations with more than 250 employees

6
Q

What are penalties for GDPR breaches?

A

4% of annual global turnover or 20 million euros (whichever is greater)

7
Q

What is the ‘right to access’ under GDPR?

A

Individuals have the right to obtain confirmation that their data is being processed, and to access their personal data

8
Q

What is a breach notification under GDPR?

A
  • need to report breach within 72 hours of becoming aware of it
  • if breach is high risk, then notify individual(s) impacted without delay
9
Q

How are data breaches typically discovered?

A
  • access logs
  • reported thefts
  • lost equipment
  • data security incident
10
Q

How have consent conditions been strengthened under GDPR?

A
  • consent must be given using plain and clear language
  • it must be as easy to withdraw consent as it is to give it
11
Q

What is the ‘right to be forgotten’ under GDPR?

A

Individuals have the right to have personal data erased in certain circumstances:
  • data no longer necessary
  • data has been processed unlawfully

12
Q

What is data portability?

A

right for data subject to receive personal data concerning them, which they have previously provided, and have it transferred to another controller

13
Q

What is privacy by design?

A
  • legal requirement under GDPR
  • calls for inclusion of data protection from onset of designing systems, rather than as an addition
14
Q

Data Protection Officer

A
  • individual appointed to monitor internal compliance
  • they advise on an organisation's data protection obligations
15
Q

Examples of data held by surveying practices?

A
  • payroll and HR information
  • customer data for marketing
  • emails relating to clients / employees
16
Q

What are obligations imposed by GDPR?

A
  • have knowledge of what data is stored/processed
  • provide information on how data is used and the individual's rights
  • demonstrate data is being managed in compliant manner
  • delete every instance of an individual's data in accordance with ‘right to be forgotten’
  • keep data in format that allows portability to another data processor
17
Q

Who regulates GDPR in the U.K.?

A

Information Commissioner’s Office

18
Q

RICS best practice points for complying with GDPR?

A
  • conduct data review
  • anonymise data where possible
  • encrypt everything where possible
  • treat commercial data in same way as personal data (even though not covered by GDPR)
19
Q

What are your company policies for data protection breaches?

A
  • report to line manager
  • report to Data Protection Officer
20
Q

RICS recommendations for using confidential information?

A
  • document purpose for which you are holding the information
  • keep record of consent for processing, storage and retention
  • check if you have appropriate contractual clauses for use of information
21
Q

What information should be included in a firm's privacy notice?

A
  • what information you have
  • what information will be used
  • which 3rd parties information will be shared with
  • how long information will be stored for
  • what legal rights they have
22
Q

When did GDPR come into effect?

A

25 May 2018

23
Q

What Act implemented GDPR in the UK?

A

Data Protection Act 2018

(replaced Data Protection Act 1998)

24
Q

What are the 7 principles of Data Protection Act 2018?

A
  • lawfulness, fairness, transparency
  • purpose limitation
  • storage limitation
  • data minimisation
  • accuracy
  • accountability
  • integrity and confidentiality
25
Q

8 individual rights under GDPR?

A
  • right to information
  • right to access
  • right to rectification
  • right to erasure
  • right to restrict processing
  • right to data portability
  • right to object
  • right to automated decision making
26
Q

What is SAR?

A

Subject Access Request

  • demand that the individual be given all the information that a company holds on them
27
Q

Freedom of Information Act 2000

A
  • allows an individual to request access to information held by a public body
  • public body is required to provide that information (within 20 working days) in requested format
  • they can charge a fee for this
28
Q

Land Registry Act 2002

A
  • provides complete accurate reflection of the state of the title of the land at any given time
  • aim is to get all freehold land in England and Wales registered by 2030 (required for all freeholds of over 7 years)
29
Q

Disadvantages of the systems you use?

A
  • rely on data input completed by others (human error)
  • external systems - firm is not in control of their security
  • not user friendly and lots of training required!
30
Q

How did GDPR tighten up the former Data Protection Act 1998?

A
  • customer has greater control over their data
  • harsh penalties if fail to comply
  • GDPR is binding piece of legally enforceable regulation
  • applies to all EU nations and every company holding data on EU citizens
  • breaches have to be reported to relevant authority within 72 hours
  • companies will be accountable for data protection
  • any firm with over 250 people needs a data protection officer
31
Q

Privacy and Electronic Communications Regulations 2003

A

Make it unlawful to transmit an automated recorded message for direct marketing purposes via telephone without prior consent of subscriber

32
Q

Copyright

A

Exclusive legal right given to the creator of original work for fixed number of years

  • rights can be licensed, assigned or transferred
33
Q

Can copyright be transferred?

A

Yes