Data Management Flashcards
What events might you put in a diary to remind you?
Lease expiries
Breaks
Rent reviews
Rent steps
What types of data security are there?
Disk encryption
Regular off-site backups
Password protection
Antivirus software
What governs data protection?
General Data Protection Regulation
Data Protection Act 2018
What does GDPR stand for?
General Data Protection Regulation
What is the aim of GDPR?
It aims to protect individuals' data and its use with businesses
What are the 8 individual rights of UK GDPR?
Rights to:
be Informed
have access
Rectification
Restrict processing
data portability
object
erasure
automated decision making/profiling
How do you verify your data?
I use a triangulation method; for example, I would compare the manual TS with the TS on our MRI system and also compare these to the lease.
What is the difference between GDPR and Data Protection Act 2018?
The DPA applies only to companies that control the processing of data. GDPR extended the law to those companies that process personal data on behalf of controllers. For example, if a tenant gives our solicitors their details, they would be liable under DPA, but because the solicitors then pass me the lease, the solicitor and Savills/me would be liable under GDPR.
What are the GDPR fines?
GDPR = 4% global turnover or 17.5m, whichever is higher
Under DPA it was £500,000 but it was felt this was not enough for large international companies
What is the Data Protection Act 2018?
It is the UK’s implementation of the General Data Protection Regulation that was brought in after we left the EU.
What are the data protection principles?
Used fairly, lawfully and transparently
Used for specified explicit purposes
kept no longer than necessary
accurate and up to date
What are your rights under the Data Protection Act 2018?
To know how your info is being used
access personal data
have incorrect data updated
have data erased
stop or restrict processing of personal data
If you have a request for what data is held, how long until you respond?
no more than a month
Where should data breaches be reported to?
Information Commissioner's Office within 72 hours where there is a loss of data and risk of harm
How do Savills store data?
Within my team we have a file system and a number of internal systems which are encrypted and only accessed through permissions and password protection
What is the Freedom of Information Act 2000?
Gives a right of access to information held by public bodies
The public body must tell the individual whether it holds their info
They are required to supply within 20 working days
It can charge for the provision of the information
What are the Freedom of Information Act 2000 exemptions?
It is contrary to the GDPR requirements
It would prejudice a criminal matter under investigation
What is a public body?
a formally established organisation that is publicly funded to deliver a public or government service
How can data security be improved?
Firewalls
encryption
passwords
What is an NDA?
Non-disclosure agreement - where one party agrees not to reveal confidential information
What should an NDA include?
ID of parties
definitions (different types of info covered)
Obligations (what happens if shared)
Time frame
Exclusions
Remedies - what happens if breached
What is the proposed professional statement?
Professional Statement on Data Handling and Prevention of Cybercrime
What is the proposed Professional Statement on Data Handling and Prevention of Cybercrime for?
To cover best practice and mandatory obligations.
To address how surveyors capture, store and share data
Likely to mandate policies, practices and training for all regulated firms and members