Data Management

Question 1

What data is held physically?

Answer 1

• Deeds
• Older lease documents

Question 2

What is data?

Answer 2

Facts and statistics collected together for reference or analysis.

Question 3

What should you consider when handling data?

Answer 3

• Where it comes from and how reliable it is (e.g. co-star)
• verification methods
• types of data
• how data should be stored securely (in accordance with the law)
• Importance of inputting data correctly (i.e. tenancy schedule or trigger dates for property management systems - rent review etc)

Question 4

How can you verify data?

Answer 4

Data should be verified against an alternative source (through triangulation)

Question 5

Why is it important to keep data secured safely?

Answer 5

• Keep data safe from corruption
• Maintain privacy and protection

Question 6

How do you ensure data is stored securely?

Answer 6

• Disk encryption (secure hard drive disk)
• Regular backups
• Password protection
• Anti-virus software
• Firewall and disaster recovery procedures

Question 7

What is copyright?

Answer 7

• A set of exclusive rights granted to the creator of any original work, including the right to copy
• Copyrights can be licensed, assigned and transferred

Question 8

What is Crown Copyright?

Answer 8

• Refers to all material created and prepared by the Government (e.g. laws, public records, OS maps)

Question 9

What should you do if you copy information from an original source?

Answer 9

It is essential that any copyright information duplicated in my work should be acknowledged.

Question 10

What is the Data Protection Act 2018?

Answer 10

The data protection act 2018 is the UK’s implementation of GDPR

It controls how personal information is used by organisations, businesses or the government

Question 11

What are the key points of the Data Protection Act 2018?

Answer 11

The act is a complete data protection system

• UK’s implementation of GDPR
• It governs personal data covered by GDPR
• Covers all other general data as previously covered in the former DPA 1998 act
• gives people stronger rights to be informed about how their personal information is used
• relates to personal data

Question 12

What is the difference between DPA 1999 and 2018?

Answer 12

• Obligations in the new regulations are more prescriptive and penalties are greater.

Question 13

What is the purpose of the Data Protection Act 2018?

Answer 13

Aims to create a single data protection regime for anyone doing business in the EU and to empower individuals to take control of how their data is used by 3rd parties.

Question 14

What are the key requirements of the DPA 2018?

Answer 14

• Conduct data protection impact assessment for high risk holding of data
• Rights for individuals to have access to information on what personal data is held and have it erased.
• Data controller decides how and why personal data is processed and is directly responsible for GDPR
• Data accountability ensuring organisations can prove to the Information Commissioners Office how they comply with the new regulations
• Data security breaches need to be reported to the ICO within 72 hours where there is a loss of personal data and a risk of harm
• Increase in fines up to 4% of global turnover of the company or 20 million euros (whichever the greater)
• Policed by ICO

Question 15

Who enforces Data Protection?

Answer 15

Policed / enforced by the Information Commissioners Office (ICO)

Question 16

Every organisation or sole trader who processes personal information must…

Answer 16

register and pay a data protection fee to the ICO

Question 17

What is the timeframe of reporting a data security breach?

Answer 17

Data security breaches need to be reported to the ICO within 72 hours where there is a loss of personal data and a risk of harm

Question 18

What are the principles of GDPR?

Answer 18

Principles relating to the storage of personal data states that data must be:

Lawfulness, fairness and transparency - Processed lawfully, fairly and in a transparent manner

Purpose limitation - data collected for specified, explicit and legitimate purposes

Data minimisation - limited to what is necessary

Accuracy - Accurate and kept up to date (inaccurate data should be erased / rectified without delay)

Storage limitation - kept in a form which permits identification of data subjects for no longer than is necessary for the purpose.

Integrity and confidentiality (security) - Protection against unauthorised and unlawful processing and against accidental loss, destruction, damage (kept secure in locked filing cabinet or fire wall)

Accountability - Controller responsible for and be able to demonstrate compliance

Question 19

What is the role of a Data Controller?

Answer 19

• Responsible for being able to demonstrate compliance with the principles of GDPR
• Decides how and why personal data is processed.

Question 20

What are the 8 individual rights under GDPR?

Answer 20

1. Right to be informed
2. Right to access
3. Right to rectification
4. Right to erasure
5. Right to restrict processing
6. Right to data portability (own purposes)
7. Right to object
8. Right to automated decision making and profiling (as undertaken by insurance companies)

Question 21

What is the Freedom of Information Act 2000?

Answer 21

Gives individuals the right of access to information held by public bodies.

Question 22

What is the process of the Freedom of Information Act 2000?

Answer 22

• Must tell any individual requesting sight of information whether it holds it.
• Supply the information within 20 working days in the format requested

Question 23

What are the exemptions of the Freedom of information act 2000?

Answer 23

• Contrary to GDPR requirements (i.e. personal data)
• Prejudice a criminal matter under investigation

Question 24

How can you improve the security of data?

Answer 24

• Firewall, encryption or passwords
• Non-disclosure agreement

Question 25

What is a Non-disclosure agreement?

Answer 25

NDA’s are legally enforceable contracts that create a confidential relationship between a person who has sensitive information and a person who will gain access to that information.

Question 26

Is there a Guidance note or professional statement for Data Handling?

Answer 26

No it was proposed but it is not in place.

Question 27

What does GDPR stand for?

Answer 27

General Data Protection Regulation

Question 28

When did GDPR come into affect?

Answer 28

New rules relating to how we collect and process personal data - the EU General Data Protection Regulation (GDPR) - came into effect in the UK on 25 May 2018.

Question 29

Have you completed any training on GDPR ? what did you learn ?

Question 30

What are the maximum fines (UK GDPR) , how are the fines calculated ?

Answer 30

£17.5 million or 4% of the total annual worldwide turnover in the preceding financial year, whichever is higher

Question 31

What legislation covers data protection in the UK ?

Answer 31

Data Protection Act 2018 and UK GDPR

Question 32

Does GDPR apply post Brexit ?

Answer 32

Yes, many aspects of GDPR is within ‘UK GDPR’ which sits alongside an amended version of the DPA 2018.

Companies will still need to comply.

Question 33

What were the changes (GDPR post Brexit)?

Answer 33

UK government will control the UK GDPR as opposed to the European union.

Question 34

Who oversee information rights in the UK ?

Answer 34

ICO - International Commissioners Office

Question 35

What happens if you are sharing or processing data from the EU ?

Answer 35

Adhere to :
* UK GDPR
* EU GDPR
* Data Protection Act 2018

Question 36

How do you ensure data you hold on clients is kept secure and confidential ?

Answer 36

I use secure documents that are stored in password protected files.

I only keep the information I need and use it for the purpose it has been collected without passing it on unless I have approval prior.

Question 37

How have you changed the way you managed data during COVID 19 and home working ?

Answer 37

Only allowed to use work equipment, the storage of files/documents to be locked away, regular update on password protected equipment etc.

Question 38

What should you do if there is a data breach ?

Answer 38

Inform the Information Commissioner’s Office not later than 72 hours after becoming aware of it.

Question 39

Can you give me some example of the data you manage ?

Answer 39

• Client details
• Finances
• Contact details
• Complaints

Question 40

What is personal data ?

Answer 40

Personal data only includes information relating to natural persons who:

• can be identified or who are identifiable, directly from the information in question; or
• who can be indirectly identified from that information in combination with other information.
• Personal data may also include special categories of personal data or criminal conviction and offences data. These are considered to be more sensitive and you may only process them in more limited circumstances.

Question 41

Can you expand on what BCIS is ?

Answer 41

The Building Cost Information Service, provides cost and price data for the UK construction industry. It is a part of the Royal Institution of Chartered Surveyors.

Question 42

What kind of information is ‘sensitive’ information?

Answer 42

Health records, financial information, address, educational records etc

Question 43

What is the difference between a deed and a registered title?

Answer 43

The deed is the physical document that proves ownership

The title is the concept of legal ownership that the deed grants you

Question 44

What do you know about GDPR?

Answer 44

General Data Protection Regulations:

• 7 principles
• Now the ‘UK GDPR’ which sits alongside an amended version of the DPA 2018.