Data Management

Question 1

1. What is the legislation for data management?

Answer 1

a. Data protection act 2018
b. GDPR UK

Question 2

2. What do you need to do to ensure information remains safe

Answer 2

a. Password protection
b. Encryption
c. Anti-Virus protection
d. Back ups off site
e. Firewalls and disaster recovery procedures

Question 3

3. How to you manage the data on internal systems

Answer 3

a. Internal audits using a triangulation method

Question 4

4. How did you manage data when Metrocentre moved over?

Answer 4

a. A secure file share link was set up. Everything requested was uploaded into this and then downloaded into our files. Once downloaded it was then removed from the shared database
b. The files the data is stored in are encrypted. Access is only given to those working on the centre.
c. Sensitive folders documents have additional password protection.
d. Data is back up on an off site location that only very senior and specific IT people know where it is.

Question 5

5. What does GDPR stand for?

Answer 5

a. General data protection regulations

Question 6

6. What is the UK GDPR 2016

Answer 6

a. The EU’s GDPR no longer applies and this was almost entirely transcribed into UK GDPR
b. It is supplemented by the Data protection Act 2018 which combined, replases DPA 1998 and relates to personal data.
c. Creates a single regime affecting businesses and empower individuals to take control of how their data is used by 3rd parties.
d. Gives people rights to be informed about how information is used.

Question 7

7. What are the key requirements for companies under UK GDPR 2016 and DPA 2018?

Answer 7

a. Conduct data protection impact assessments
b. Provide access and to have it erased
c. A data controller decides how and why personal data is processed. (directly responsible for GDPR)
d. Have to prove to Information commissioner’s Office (ICO) how they comply to new regs
e. Data security breaches reported to ICO within 72 hours
f. Fines greater of 4% global TO or £17.5m
g. Policed by ICO

Question 8

9. What are the individual rights?

Answer 8

a. To be Informed
b. Of access
c. To amend
d. To remove
e. To restrict processing
f. To sharing data
g. To object
h. To automated decision making

Question 8

8. What are the 7 principles of UK GDPR 2016?

Answer 8

a. Processed lawfully, fairly and transparently
b. Collected for specified, explicit and legitimate purposes
c. Relevant to the purpose
d. Accurate and kept up to date
e. Kept only for the time required
f. Ensures security whilst being processed.
G. Controller is responsible for and demonstrate compliance

Question 8

10. How to check accuracy of data?

Answer 8

a. Triangulation method, for example, manual tenancy schedule against the system against the lease

Question 8

11. What property management systems do we use?

Answer 8

a. Turnover portal
b. Compass
c. Workflow
d. MRI

Question 8

13. What is the difference between UK GDPR and data protection act?

Answer 8

a. UK GDPR 2016 sits alongside the DPA 2018. GDPR applies to UK controllers and processors based outside the UK but offering services/monitoring individuals. It deals with transferring data between the UK and EEA (European Economic Area. Where DPA focusing on the individuals rights and control of their personal data.

Question 8

16. What is the process for reporting to ICO?

Answer 8

a. Within my company, I would raise a data breach to my manager who would then contact our data controller. They would the report to ICO
b. ICO have the ability to report a data breach using an online form on their website

Question 8

14. How many principles to data protection

Answer 8

a. 5

Question 8

12. What is a firewall?

Answer 8

a. It prevents unauthorised access to private data

Question 8

17. What is the fine for data breach?

Answer 8

a. 4% TO or £17.5m

Question 8

15. Who do you report data breach to?

Answer 8

a. Internal officer
b. ICO within 72 hours

Question 8

18. Can you talk about a data system you set up and advised to the client?

Answer 8

b. When on-boarding a centre I found there was over a 100 leases which had turnover within it. Therefore, I initially set up encrypred files for each tenant and stored any turnover information we have in each of the files. In addion to this I then set up spreadsheets which had the turnover clause information within it in order to be able to calculate any turnover rent. All information was stored in encrypted folders which have firewall and anti virus protection. It is also back up off- site and only those working on the centre has access. Following this, I was involved with a working group that help make and implement a turnover system. This was done with the IT team and again, it is set up on a safe and secure encrypted system.
c. We have a data centre that stores and manages our data. We have a cloud based system which is controlled and managed by our IT team, which is encrypted. Only senior management and certain people in the IT team know where the data system is kept.

Question 8

19. What is encryption?

Answer 8

a. Encryption is the method of taking data, scrambling it with a complex pattern so that if an unauthorised person gains access they cannot understand the information.

Question 8

20. How is encryption put in place?

Answer 8

a. Within my company this is something that is dealt with at a higher level and within a IT department.
b. If I was to start my own company, when purchasing computers/data back up storage options etc, I ensure they come with data encryption. If this isnt possible then you can also get third party encryption programmes or most business anti-malware programmes include encryption.

Question 8

22. How do Savills store manage and use this data?

Answer 8

a. Depends how sensitive the data is but as a broad answer
i. Ecypted files
ii. Password protection
iii. Fire walls and malware
b. The data that I predominantly use is in relation to rent and service charge collection. To be able to see how much rent/SC collected over the quarter/month etc as a %. The overall arrears outstanding, turnover data that can be used to look for YoY comparisons, trends in categories and sales density.

Question 8

21. How do we use the data to advise the client for benchmarking, rent reviews etc

Answer 8

a. Currently, turnover is a large focus for my clients. This includes store turnover data and turnover information received via audited certificates.
b. Once the data from store level has been collated, it is then put into categories and compared to YoY figures. I then put this into a bar graph which shows the categories (womenswear) may be doing well that month or the category that is doing worst that the prior year. This can also be used to see which categories have done over the year or multiple years. It means that the asset team can review this data and understand where the focus is. For example, if womenswear is exceeding expectations then maybe more focus can be made in finding new tenants that cater for this.

Question 9

23. What published sources do you use?

Answer 9

a. EPC register
b. VOA
c. Flood risk
d. Planning portals
e. Companies house

Question 10

1. What and when did the regulations come in for EPCs

Answer 10

a. 1st April 23 anything currently occupied or new lettings has to have a minimum EPC of an E.

Question 11

2. What regulations introduced the new EPC rule

Answer 11

a. MEEs Minimum Energy Efficiency standards

Question 12

3. How do you ensure information on the system is correct?

Answer 12

a. I do a regular review using a triangulation method

Question 13

Who is the Data controller

Answer 13

We have a compliance team which is headed up by Melissa Shaw