Data Management

Question 1

Why are diaries important for data management systems?

Answer 1

To remind you of trigger dates for lease events such as rent reviews, insurance renewals, inspections, break clauses.

Question 2

What are some examples of different data sources you work with?

Answer 2

1. Property schedules from clients.
2. Comparable evidence from online portals.
3. Due diligence info - planning portal, land registry, EPC register etc.

Question 3

What are some data security technologies?

Answer 3

• Disk encryption (secure hard-drive)
• Password protection
• VPNs
• Anti-virus software
• Firewalls
• 2FA

Question 4

What are your company’s policies on data security?

Answer 4

• Clear desk policy
• Lock PC when away from desk
• Use VPN outside of office
• Don’t download client files to hard-drive
• Phishing email training
• Secure disposal of paperwork

Question 5

What is ‘copyright’?

Answer 5

Exclusive intellectual property rights granted to the author/creator of any original work, including the right to copy.

They can be licensed, assigned or transferred.

Question 6

What is ‘Crown Copyright’?

Answer 6

All material created by the Government, such as laws, public records, press releases and OS maps.

Question 7

What must you do for any copyright duplicated in your work?

Answer 7

Acknowledge it

Question 8

What are the relevant data protection laws?

Answer 8

UK General Data Protection Regulation 2016

Data Protection Act 2018

Question 9

Describe the relevant data protection laws?

Answer 9

Following Brexit, the UK created the UK GDPR 2016 and Data Protection Act 2018.

Single regime for businesses regarding individuals’ control over how their data is used by 3rd parties.

Question 10

Key requirements of UK GDPR and Data Protection Act?

Answer 10

• Impact assessments for high-risk data
• Individuals’ rights to access
• Data controller - how/why data is processed and GDPR compliance
• Data breaches reported to Information Commissioner’s Office within 72 hours

Question 11

Who polices the UK regulations?

Answer 11

Information Commissioner’s Office (ICO)

Question 12

What are the penalties for breaches of the GDPR / Data Protection Act?

Answer 12

Fines - greater of 4% annual turnover or £17.5m

Question 13

Which article of UK GDPR relates to the storage of personal data?

Answer 13

Article 5(1)

Question 14

What is Article 5(1) and what does it prescribe?

Answer 14

Personal data rights:
PACKS

Processed lawfully & transparently (PLT)

Accurate and up to date

Collected for legitimate purposes

Kept in a form permitting identification for no longer than necessary

Security of data

Question 15

What does Article 5(2) of UK GDPR require?

Answer 15

Data controller - responsible for compliance

Question 16

What are the individual rights under UK GDPR?

Answer 16

A - Access
C – Consent
C - Correction
E – Erasure
P – Portability
ACCEP
(Accep your rights)

Question 17

Any other relevant legislation?

Answer 17

Freedom of Information Act 2000

Question 18

What is the Freedom of Information Act 2000?

Answer 18

Law giving individuals’ the right of access to public information.

The public body must say whether it holds the information and provide within 20 days with a right to charge for it.

Question 19

Exemptions to FOI Act 2000?

Answer 19

• Contrary to GDPR
• Would prejudice criminal matter under investigation or commercial interest

Question 20

What is an NDA?

Answer 20

Non-disclosure agreement:

Contract between parties regarding the non-disclosure of confidential market-sensitive information.

Question 21

Any RICS guidance?

Answer 21

Proposed RICS Professional Statement on Data Handling and Prevention of Cybercrime

Question 22

What is the proposed RICS Professional Statement on Data Handling and Prevention of Cybercrime

Answer 22

• Best practice and mandatory obligations for firms/members
• How surveyors capture, store and share data
• Mandate policies, practices, training

Question 23

what is the definition of personal data?

Answer 23

Any information related to an identified or identifiable person

Question 24

what is encryption

Answer 24

A means of securing data by encoding it mathematically so it can only be read by those with the correct key or cipher

Question 25

What is firewall?

Answer 25

Monitors traffic to / from your network. Allows / blocks traffic based on a defined set of rules.

Question 26

What is blockchain?

Answer 26

A digitally distributed, decentralized, public ledger that exists across a network

Question 27

Tell me about how you extract data from a source regularly used in your role?

Answer 27

Comparable evidence from Rightmove Plus

Question 28

How do you validate information?

Answer 28

Cross check with another source. Call to get further information / confirm details. Adopt a common sense approach.

Question 29

What type of documents can electronic signatures be used for?

Answer 29

To replace handwritten signatures in virtually every personal or business process.

Question 30

What are the strengths and limitations of primary/secondary data sources?

Answer 30

Primary Pros: Specific to the needs Greater control (type of data, design, method) More current May be more accurate Cons: Expensive Time consuming Secondary Pros: Easily accessible Affordable Less time consuming Cons: May lack reliability May be outdated Not always as specific

Question 31

How do you ensure data is kept secure?

Answer 31

Keep it safe from: corruption & control access. I do this by: - Passwords - Not leaving computer or files unattended - Regular back ups - Encryption and anti-virus software

Question 32

Benefits of cloud based systems?

Answer 32

- Information backed up by encrypted servers. - Accessibility can be managed via online settings. - Cheaper & more convenient to share files, instead of mailing physical copies. - Multiple users can work on the same document at the same time.

Question 33

Who are the key persons outlined within GDPR?

Answer 33

Controller – determines the purpose and means of processing personal data e.g. the employer. Processor – processes personal data on behalf of the controller e.g., call centres acting on behalf of its client. Data Protection Officer – leadership role - overseeing the data protection strategy and implementation.

Question 34

What should companies put into place to ensure GDPR compliance?

Answer 34

- Raise awareness across the business. - Audit personal data. - Review procedures supporting individual rights. - Identify and document the legal basis for processing personal data under GDPR. - Train staff.

Question 35

Define what disclosure means?

Answer 35

The sharing of information with others. Before sharing information you must have the right to disclose it and the person requesting must have the right to receive it.

Question 36

Why is secure data storage important?

Answer 36

* Client confidentiality. * Legal compliance. * Protection against data breaches, mitigating data loss, financial damage or reputational harm. * Business continuity. * Reputational management. * Competitive advantage - topic becoming increasingly relevant to clients.

Question 37

How does your company encrypt files?

Answer 37

Using Microsoft Azure Information protection, a cloud-based data encryption tool. Classified as confidential or highly confidential.

Question 38

What are phishing emails?

Answer 38

Fraudulent messages that attempt to deceive individuals into revealing sensitive information, such as usernames, passwords, credit card details, or other personal data.

Question 39

How can you spot a phishing email?

Answer 39

* Sender's email address * Poor grammar and spelling * Urgency and threats * Requests for personal information * Suspicious links and attachments * Unusual requests * Links to verify information

Question 40

What is an insider’s list?

Answer 40

A record to record who has access to inside information, including their names, positions, and contact details. They ensure compliance with insider trading and market abuse regulations.

Question 41

What law could have resulted in fines or prosecution (insider's list)?

Answer 41

Market Abuse Regulation (MAR): Governs insider trading and unlawful disclosure of inside information. Sets out requirements for maintaining an insider's list. Failure to comply can lead to penalties, fines, and potential criminal prosecution. Enforced by the Financial Conduct Authority (FCA).

Question 42

Why did using the company’s VPN ensure data could not be anonymously downloaded?

Answer 42

Because the VPN routed traffic through the company’s IP address, meaning it could be easily monitored and run through the firewall.

Question 43

What are some Excel data-handling features?

Answer 43

* Lookups * Text-to-columns * Concatenate * Pivot tables * Trim

Question 44

What is a shared drive?

Answer 44

A centralised storage location that allows multiple users on a network to access and share files and folders.

Question 45

What are yield sheets?

Answer 45

Documents stating yield ranges for different asset classes at a certain date with a comparison to previous dates and the movements.

Question 46

Why were the yield sheets confidential?

Answer 46

Because they contained confidential research information that could be viewed as a competitive advantage.

Question 47

What is a capital markets update?

Answer 47

A published communication on the current state of the capital markets, providing data such as financial information, investment levels in different sectors, growth and other statistics.

Question 48

What non-confidential information did you retain in the comps table?

Answer 48

* Key property info/characteristics * Number of service users * Local authority / town * Yield * Date * Lease structure