Data Management

Question 1

What is GDPR?

Answer 1

General Data Protection Regulations (2016) effective May 2018

It aims to create a singe data protection regime for the EU.

Question 2

How is data protection legislated in the UK?

Answer 2

UK GDPR 2020

Data Protection Act 2018 implemented GDPR (2016)

Replaced DPA Act 1998

Question 3

What are the principles under the Data Protection Act 2018?

Answer 3

1. Used lawfully, fairly and transparently
2. Collected for specified and legitimate purposes
3. Accurate
4. Retained for no longer than is necessary
5. Processed securely including the protection against unlawful use, loss or destruction.

Question 4

What are the 8 individual rights under GDPR?

Answer 4

1. Informed
2. Access
3. Rectification
4. Erasure
5. Restrict Processing
6. Data Portability (their own use)
7. Object
8. Automated Decision Making and Profiling (Insurance companies)

Question 5

Who are the key persons outlined within GDPR?

Answer 5

Controller - Determine the purposes and means of the processing of personal data. (Employer)

Processor - Processes personal data on behalf of the controller. (Call centre)

Data Protection Officer - Oversees the data protection approach, strategy and its implementation. Leadership role required by GDPR (2016).

Question 6

What are some changes brought about by GDPR?

Answer 6

Data Controller responsible for GDPR

Individuals can request what personal data is held and request it is deleted

Question 7

Who is GDPR policed by?

Answer 7

Information Commissioners Office (ISO)

Question 8

What do you know about forthcoming data legislation?

Answer 8

On 8 March 2023, the Government published the Data Protection and Digital Information Bill (2nd).

The New Bill looks to reform the current UK data protection framework comprising of UK GDPR, the DPA 2018 and the Privacy and Electronic Communications Regulations 2003.

Intended to make data protection legislation simpler for businesses to understand and implement.

Question 9

What is the Freedom of Information Act 2000?

Answer 9

Primary piece of UK legislation controlling the access to official information

Allows an individual to request access to information held by a public body.

Question 10

What are the timescales for requesting information under the Freedom of Information Act 2000?

Answer 10

20 working days in the requested format
A fee may be charged

Question 11

What is personal data?

Answer 11

Under GDPR, Personal data is any information which is related to an identified or identifiable natural person.

Question 12

What is a non-disclosure agreement?

Answer 12

NDAs are used to protect against the disclosure or sharing of any confidential data.

Question 13

What is a subject access request?

Answer 13

SAR - demand that the individual be given all information that a company holds on them.

Question 14

What is copyright?

Answer 14

A set of exclusive rights granted to the author or creator of any original work, including the right to copy which can be licensed, assigned or transferred.

Question 15

What is meant by confidentiality?

Answer 15

Where information is provided, but is subject to confidence and not shared without permission.

Question 16

What is Meta Data?

Answer 16

Meta Data is information about a specific piece of data.

When sharing a document, the Meta Data could include information about the author, file size, date the document was created etc.

Meta Data should be afforded the same level of care as other confidential information.

Question 17

What are the benefits of cloud based storage systems?

Answer 17

• Information is backed up on securely encrypted services.
• Accessibility can be managed via online settings.
• Often cheaper than physically storing files.
• ## Multiple users can access the same document.

Question 18

What different sources of information do you use in your day to day work?

Answer 18

• RICS publications
• Comparable search engines
• Background enquiry search engines
• BCIS

Question 19

How do you manage these sourced of information to ensure compliance with the legislation?

Answer 19

• Electronic information is kept securely on encrypted servers.
• Locking my computer, regularly updating passwords and undertaking cyber security training.

Question 20

How does your firm ensure compliance with Data Protection Act 2018?

Answer 20

• Only retain data needed for day to day operations
• If data is retained, the person should be kept informed and advised on why they have it.
• Hold data securely
• Keep information up to date and delete information no longer needed.

Question 21

What data is held in your office?

Answer 21

Employee data - personal information

Client Data - contact details, leases, plans and deeds.

Company Data - Accounts, ToE and instructions.

Question 22

What do you need to do if you have a data breach?

Answer 22

Must report to ICO within 72 hours where there is a loss of personal data and risk of harm to individuals.

Question 23

What are the fines for non-compliance with GDPR?

Answer 23

Maximum fine of £17.5 million or 4% of annual turnover for infringements.

UK ICO - alternative actions
1. Issue warnings
2. Imposing a temporary or permanent ban on data processing
3. Ordering the rectification, restriction or erasure of data.
4. Suspending data transfers to third countries.

Question 24

Describe a time you have used property records to communicate complex, reasoned advice?

Answer 24

Post Office Truro
- Photographic evidence - size of property/visibility
- Evidence schedules - comparable rents at AVD
- Analyse - RVs and tone
- Location Map - pitch

Question 25

What is some best practice to employ in managing data?

Answer 25

• Cross reference with hard copy/verification
• IT System maintenance - back up
• Audit trail