Data Management Flashcards
What is triangulation?
Process used to verify data through an alternative source
- Important when considering reliability of a source and risks
How have you ensured data is secured safely?
- Regular back ups undertaken off site
- Disk encryption
- Firewalls and disaster recovery procedures
- Using anti-virus protection
- Password protection
What is copyright?
Exclusive rights to work provided to the author or creator
- Rights can be assigned and transferred
- Essential to acknowledge any copyright in your own work
What is crown copyright?
Refers to material created and prepared by the government, such as laws, public records and OS mapping
What is Data Management?
The practice of collecting, storing and using data securely, efficiently and cost effectively
What is hard and soft data?
Hard - quantifiable
Soft - less measurable - e.g. opinions
What is an information barrier?
Physical or electronic barrier which prevents the transmission of information between individuals or firms
What is GDPR?
EU General Data Protection Regulations (2016)
What is the Data Protection Act (2018)
UK implementation of GDPR
When did the Data Protection Act come into force?
25th May 2018 - replace 1998 DPA
What is the purpose of GDPR?
Harmonise data protection across the EU
Alter how personal data is managed and handled to ensure stricter regulation
How have consent conditions been strengthened under GDPR?
Consent must be given with the purpose of data processing attached to that consent
- It must be as easy to give consent as it is to reverse it
When did GDPR come into force?
25th May 2018
What is the role of the Data Protection Act?
Controls how personal information is used by organisations, businesses and the government
- Also govern data protected by GDPR
Is there any RICS guidance on Data Management?
(Archived) RICS Guidance Note - Electronic Data Management
Why did the Data Protection Act come into force?
- 1999 - Respond to the rise of Data
- 2018 - incorporate new GDPR regulation s
What are the key principles of GDPR / DPA?
Data must be
- Lawful, fair and transparent
- Collected for specified, legitimate and explicit purposes
- Adequate, relevant and limited to necessity
- Accurate and kept up to date
- Kept no longer than required
- Kept safe
What are the 8 individual rights under GDPR?
1) To be informed
2) To have access
3) To rectification
4) To erasure
5) To restrict processing
6) To data portability
7) To object
8) To automated decision making and profiling
Who does GDPR affect?
All companies who hold date EU data
Who polices and regulates GDPR in the UK?
Information Commission Office (ICO)
What are the penalties under GDPR and DPA?
Greater of 4% annual turnover or 20m euros
What should you do in the event of a GDPR breach?
Report to the ICO in 72 hours
What is the right to be forgotten?
Article 17
Individuals have the right to have personal files erased if:
- Data no longer required
- Data has been processed unlawfully
What is data portability?
Right for a data subject to receive personal info concerning them which they have provided and transmit data to another controller
What is privity by design?
Legal GDPR requirement
- Requires data protection from onset of designing a system, rather than in addition
What is a data controller?
Decides how and why personal data is processed and is directly responsible for GDPR
What is a data processor?
Someone who processes data on behalf of and in accordance with a data controller instruction
What is a data subject?
Individual whose data is about
What is a data protection officer?
Person responsible for compliance with data protection regulations - monitor and ensure internal compliance
What constitutes personal data?
Any information relating to a person that identifies that person
e.g. photo, name, email, bank details
What are examples of personal data under GDPR that relate to property companies?
- Details of fund managers
- Data relating to managers
- Background checks
- Valuations
What is the right to access?
Individuals have the right to obtain conformation that their data is being processed - access to their personal data
What is a GDPR breach notification?
Duty under GDPR - must report breach in writing within 72 hours
If breach means an individuals rights or freedom may be impacted - must be reported straight away