Data Management Flashcards
What is the main UK legislation?
- Data Protection Act, 2018
- Brings EU GDPR law into UK law
- Can only use data for the original purpose and must only request relevant data, store it securely and destroy when no longer required
- 8 rights for individuals regarding data
  - To be informed
  - To have access
  - To object
  - To restrict processing
  - To rectify
  - To erase
  - To move data
  - To automated profiling and decision making
What does the DPA, 2018 state?
Personal data must be:
6 Principles of Data Protection
1. P – Processed Fairly & Lawfully
2. L – Not kept Longer than necessary
3. A – Adequate and limited to what is necessary
4. A – Accurate & up to date
5. R – Relevant
6. S – Kept Securely
What are the rules for firms regarding handling data?
- Impact assessments
- Data controller
- Clear policies in place and staff training for data handling
- Report breaches within 72 hours
What are the penalties for breaching the Data Protection Act, 2018?
- Must report breaches within 72 hours
- Fines of up to the higher of 4% of turnover or 20 million euros
Data Protection Act 2018 - rights
Gives rights to:
1. Rectify
2. Be Informed
3. Data Portability
4. Erasure
5. Access
6. Object
7. Restrict Processing
8. Automated Decision Making & Profiling
What is Copyright?
- To do with Intellectual Property
- Set of exclusive rights to an author of original work, including the right to copy
- Can be licensed, assigned or transferred
Data security technologies include:
- Disk encryption – secure hard disk drive
- Regular backups off site
- Password protection
- Use of anti-virus software protection
- Firewalls and disaster recovery procedures
GDPR in the UK
- The Data Protection Act, 2018 is the UK’s implementation of the GDPR
- Act is a complete data protection system, so as well as governing personal data covered by GDPR, it covers all other general data
- GDPR represents the largest change in data protection law across the EU
- Replaced Data Protection Act 1998 – the obligations are now more prescriptive, and penalties are greater
- Relates to personal data
- Gives people stronger rights to be informed about how their personal information is used
What are the individual rights for GDPR and DPA 2018?
Individual Rights
1) Right to be informed
2) Right of access
3) Right to rectification
4) Right to erasure
5) Right to restrict processing
6) Right to data portability (to use for their own purposes)
7) Right to object
8) Rights to automated decision making and profiling (as undertaken by insurance companies)
Any RICS guidance
Proposed RICS Professional Statement: Handling and Prevention of Cybercrime
- Covers best practice and mandatory obligations with which RICS professionals and regulated firms must comply
- Addresses how surveyors capture, store and share data
- Mandates policies, practices and training for all regulated firms and members