Data management Flashcards
Explain the data act 2018
This act makes provisions about the processing of personal data
Most processing of personal data is subject to GDPR
How long would you hold personal data for?
The minimum amount of time possible
Give me some examples of data security technologies?
Disk encryption
Regular backups off site
Password protection and use of anti-virus software
Firewalls and recovery process
Give the background to UK GDPR 2016 and Data Protection Act 2018?
The EU GDPR no longer applies in the UK, but was almost entirely transcribed into the UK GDPR
UK GDPR is supplemented by the Data Protection Act 2018. This combined regime replaces the Data Protection Act 1998 and relates to personal data
It aims to create a single data protection regime affecting business and empower individuals to take control of how their data is used by third parties
It gives people rights to be informed about how their personal information is used
Key requirements under the act
Conduct data protection risk assessments
New rights for individuals to have access to information on what personal data is held and to have it erased
Data controller decides how and why personal data is processed and is directly responsible for GDPR
Principle of ‘data accountability’, ensuring that organisations can prove to the Information Commissioner's Office how they comply with GDPR
Data security breaches need to be reported to the ICO within 72 hours where there is a loss of personal data
Fines of up to 4% of global turnover or 17.5 million, whichever is greater
Policed by ICO
Key principles of the UK GDPR
Article 5 Principles relating to the storage of personal data states that data must be:
Processed lawfully and in a transparent manner
Collected for specified, explicit and legitimate purposes and not used in ways which are incompatible with those purposes
Adequate, relevant and limited to what is necessary for the purposes for which they are processed
Accurate and kept up to date, with every reasonable step taken to ensure this
Kept for no longer than necessary
Stored securely in a way that prevents loss, destruction or damage
Article 5(2) requires that the controller shall be responsible for, and be able to demonstrate, compliance with the principles
What is the fine for breaching GDPR regulations? What is GDPR?
Maximum fine is 4% of global turnover (or 17.5 million, whichever is greater). Both companies and individuals can be prosecuted.
GDPR (General Data Protection Regulation) gives everyone new rights as to how their data is used. It places stricter requirements on companies as to how data is secured and used.
What are the key points of the data protection act?
UK GDPR is supplemented by the Data Protection Act 2018, replacing the Data Protection Act 1998. It gives people the right to be informed about how their personal data is used.
The key requirements of the UK GDPR include an obligation to conduct data protection impact assessments, with new rights for individuals to have access to information on what personal data is held and to have it erased. A data controller is appointed to decide how and why personal data is processed and is directly responsible for GDPR. Fines are up to 4% of global turnover or £17.5 million, whichever is greater, and it is policed by the ICO.
What do you do to protect data?
I rely on data securing technologies such as firewalls and anti-virus protection; any data held is also password protected, and I ensure I lock my computer whenever I am away from it.
What are individual rights under GDPR?
-Right to information (to be informed when the data is being held and how it is stored and used; Savills have a Privacy Policy uploaded onto the website)
-Right to Access (can see the data held about them)
-Right to Rectification (correct any data that is held, such as a name change after a wedding)
-Right to Erasure (apart from data that we need to keep for legal reasons)
-Right to restrict how their data is used (not sending it to third parties)
-Right to Portability (when a customer wants to give copies to another provider)
-Right to object (not going on a mailing list)
-Right to automate decisions
Considerations for data for public bodies
Freedom of Information Act 2000
Gives individuals rights of access to information held by public bodies
The public body must tell the individual requesting sight of information whether it holds it
Supply information within 20 days in the format requested
It can charge for the provision of information
Exceptions to releasing of personal data?
Where it would be a criminal matter, or there is a statutory obligation, from the police or HMRC say
How do you obtain this data for your management reports?
We have an internal database system
that our client accountants use to detail payments made
Key considerations for management reports?
As surveyors we set up new leases in the system via workflow to detail upcoming lease events as well as rental agreements.
I ensure I input these things accurately to prevent incorrectly charging tenants' levels of rent or charging them when their lease expires
Particularly important if the lease is outside the 54 Act, as this forms a periodic tenancy – which can be resolved but does compromise the security the exclusion gives us