Data Management Flashcards

1
Q

What is the Data Protection Act?

A

The Data Protection Act 2018 controls how your personal information is used by organisations, businesses or the government.

The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).

  • The 8 principles of Data Protection – FLAP SAID
    o Fairness and Transparency;
    o Lawfulness;
    o Accuracy;
    o Purpose Limitation;
    o Storage Limitations;
    o Accountability;
    o Integrity and Confidentiality;
    o Data Minimisation.

Everyone responsible for using personal data has to follow strict rules called ‘data protection principles’.

There is stronger legal protection for more sensitive information.  

2
Q

What is personal data?

A

If it is possible to identify an individual directly from the information you are processing, then that information may be personal data.

For example: name, contact details and health records.

3
Q

What is GDPR?

A

The General Data Protection Regulation (EU legislation)

4
Q

What are the principles of GDPR?

A

Can be found at gov.uk

There are 7 principles:
1. Lawfulness, fairness and transparency
2. Purpose limitation
3. Data minimisation
4. Accuracy
5. Storage limitation
6. Integrity and confidentiality (security)
7. Accountability

Acronym: FLAP SAID

o Fairness and Transparency;
o Lawfulness;
o Accuracy;
o Purpose Limitation;
o Storage Limitations;
o Accountability;
o Integrity and Confidentiality;
o Data Minimisation.

5
Q

What Statute in the UK applies to this competency?

A

Data Protection Act 2018

  • Imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU
  • The GDPR will levy harsh fines against those who violate its privacy and security standards, with penalties reaching into the tens of millions of euros
6
Q

What data is protected by Statute?

A

Personal Data 

7
Q

Is all Data equal under the Statute?

A

No, some personal data which is defined as sensitive requires additional protection e.g. Health 

8
Q

What are the legal consequences of non-compliance with GDPR?

A

likely infringement – a warning may be issued;

infringement: the possibilities include a reprimand, a temporary or definitive ban on processing and

Smaller offenses = fines of up to €10 million or 2% of a firm’s global turnover (the greater)

Serious offenses = fines of up to €20 million or 4% of a firm’s global turnover (the greater)

CRD - LL

– Criminal proceedings
– Reputational damage to MM
– Data subjects – right to compensation
– Losing right to bid for new projects
– Losing existing contracts where in breach of data protection clauses  

9
Q

What is the purpose of the GDPR?

A

To protect and empower personal data privacy and to reshape the way organisations process data. It was designed to harmonise data privacy laws across Europe in accordance with new data protection governance.

10
Q

What is BIM?

A

Building Information Modelling

11
Q

Where is the data in BIM?

A

BIM is a 3D model in which each 3D object contains “metadata”, so the model acts as a “database”.

12
Q

What are the advantages and disadvantages of BIM?

A

Advantages:
Better planning and design.
Easy design changes – the model is shared, and set times for change could be implemented.
Minimal rework on site – the model facilitates visibility of potential problem areas.
Lifetime information to the end user.

Disadvantages:
Requires substantial investment in the software.
Training and additional staff required (time saving usually makes this investment worthwhile).
Trust and collaboration required. Normal routing of tendering etc. is different; all parties must share knowledge and invest, sometimes before they are awarded the project.
End user simply may not use the information.

13
Q

What is a CDE?

A

A common data environment (CDE) is a digital information platform that centralizes project data storage and access, typically related to a construction project and building information modeling (BIM) workflows. The data stored in a CDE originally consisted of BIM data and information. Today, a CDE also includes documents like project contracts, estimates, reports, material specifications, and other information relevant to a project’s design and construction processes.

In short, it is a digital platform that centralizes project data storage and access.

14
Q

Where does MM store project data?

A

SharePoint, ProjectWise (CDE), Connect Business, Connect People, DISX.

15
Q

What is the name of the RICS’s Cost Data Subscription Service?

A

BCIS

16
Q

What is the difference between a project Extranet and Intranet?

A

One is hosted within the company and the other is hosted externally.

17
Q

What Business Management Systems are there in MM?

A

In simple terms, STEP, Connect Business and Eforms

18
Q

What is Data Classification?

A

The Protective Marking of Documents to highlight security and access restrictions

19
Q

What is an NDA?

A

A Non-Disclosure Agreement – Data should not be disclosed to third parties

20
Q

What data can be used to support the estimating process?

A

BCIS, In-house cost data and Price Books

21
Q

What are the benefits of cloud-based storage systems?

A

Information is backed up securely on encrypted servers

Accessibility can be managed via online settings

Cloud systems are often cheaper than the costs of physically storing and managing files

It is convenient to send and share files online instead of mailing physical copies

Cloud systems are environmentally friendly

Multiple users can access the same documents

Documents and folder systems can be synchronised

22
Q

What is the meaning of a non-disclosure agreement?

A

Non-disclosure agreements are used to protect against the disclosure or sharing of any confidential data.

Prior to the confidential data being shared with a recipient, clients will typically request that the recipient signs up to an NDA.

They are often used when confidential, sensitive, innovative or intellectual property information is being shared to prevent this information being used by competitors.

23
Q

If two separate departments within your firm were working for two rival companies how would you ensure client sensitive data was managed?

A
  • Make client aware of risks
  • Conflict of interest
  • Letter of instruction to continue
  • Exclusivity of staff
  • NDAs
  • Single Communication Lines in to client
  • Separate working locations
  • Secure storage
24
Q

Who are the key persons outlined within GDPR?

A

Controller

The controller is the natural person or legal entity that determines the purposes and means of the processing of personal data (e.g., when processing an employee’s personal data, the employer is considered to be the controller).

Processor

A natural person or legal entity that processes personal data on behalf of the controller (e.g., a call centre acting on behalf of its client) is considered to be a processor. At times, a processor is also called a third party.

Data Protection Officer (DPO)

The Data Protection Officer is a leadership role required by EU GDPR. This role exists within companies that process the personal data of EU citizens. A DPO is responsible for overseeing the data protection approach, strategy, and its implementation.  

25
Q

What are the 8 individual rights under GDPR?

A

The right to be informed
The right of access
The right of rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
Rights of automated decision making and profiling

Acronym: RADIOER

o The right of Rectification
o The right of Access
o The right of Data Portability
o The right to be Informed
o The right to Object
o The right to Erasure
o The right to Restrict Processing
o Rights of automated decision making and profiling

26
Q

What does it mean to be GDPR compliant?

A

GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. Non-compliance could cost companies dearly.

27
Q

What things must companies put in place to ensure GDPR compliance?

A

Raise awareness across your business

Audit all personal data

Update your privacy notice

Review your procedures supporting individuals’ rights

Identify and document your legal basis for processing personal data under the GDPR

Review how you seek, obtain and record consent

28
Q

Who oversees information rights in the UK?

A

ICO - International Commissioners Office

29
Q

Why do you keep company data for 12 years?

A

It is a requirement of our PII insurance that all contracts under deed are kept for a minimum of 12 years and under hand for 6 years. I am aware of the Limitation Act, under which claims can be brought up to 15 years after the act of negligence.

30
Q

What should you do if there is a data breach?

A

Inform the Information Commissioner’s Office not later than 72 hours after becoming aware of it.

31
Q

What are ISO Standards?

A

International Organisation for Standardisation. An international standard-setting body of representatives from varying national standards.
* ISO 9000 – Quality Management Systems
* ISO 8000 – Data Quality
* ISO 14001 – Environmental Management Systems
* ISO 45001 – Health and safety

Internationally agreed upon by experts, they describe the best way of doing something.

32
Q

What is the Limitation Act?

A

The Limitation Act 1980 is an Act of the Parliament of the United Kingdom applicable only to England and Wales. It is a statute of limitations which provides timescales within which action may be taken for breaches of the law.

33
Q

Can you tell me what an information barrier is and any examples?

A

Physical and electronic separation of individuals within the same firm that prevents confidential information passing between them.

Examples: xyz

34
Q

How is a ‘personal data breach’ defined? What do you do if it occurs?

A

“a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.”