Data Management

Question 1

What is the Data Protection Act

Answer 1

The Data Protection Act 2018 controls how your personal information is used by organisations, businesses or the government.

The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).

• The 8 principles of Data Protection– FLAP SAID
  o Fairness, and Transparency;
  o Lawfulness,
  o Accuracy;
  o Purpose Limitation;

o Storage Limitations;
o Accountability.
o Integrity and Confidentiality;
o Data Minimisation;

Everyone responsible for using personal data has to follow strict rules called ‘data protection principles’.

There is stronger legal protection for more sensitive information.  

Question 2

What is personal Data?

Answer 2

If it is possible to identify an individual directly from the information you are processing, then that information may be personal data.

For example: name, contact details and health records.

Question 3

What is GDPR?

Answer 3

The General Data Protection Regulations (EU Legislation)

Question 4

What are the principles of GDPR.

Answer 4

Can be found at gov.uk

There are 7 principles:
1. Lawfulness, fairness and transparency
2. Purpose limitation
3. Data minimisation
4. Accuracy
5. Storage limitation
6. Integrity and confidentiality (security)
7. Accountability

Acronymn FLAP SAID

o Fairness, and Transparency;
o Lawfulness,
o Accuracy;
o Purpose Limitation;

o Storage Limitations;
o Accountability.
o Integrity and Confidentiality;
o Data Minimisation;

Question 5

What Statute in the UK applies to this competency?

Answer 5

Data Protection Act 2018

• Imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU
• The GDPR will levy harsh fines against those who violate its privacy and security standards, with penalties reaching into the tens of millions of euros

Question 6

What data is protected by Statute?

Answer 6

Personal Data 

Question 7

Is all Data equal under the Statute?

Answer 7

No, some personal data which is defined as sensitive requires additional protection e.g. Health 

Question 8

Legal Consequence of Non-Compliance to GDPR.

Answer 8

likely infringement – a warning may be issued;

infringement: the possibilities include a reprimand, a temporary or definitive ban on processing and

Smaller offenses = fines of up to €10million or 2% of a firms global turnover (the greater)

Serious offenses = fines of up to €20million or 4% of a firm’s global turnover (the greater

CRD - LL
 
– Criminal proceedings
– Reputational damage to MM
– Data subjects – right to compensation
– Losing right to bid for new projects
– Losing existing contracts where in breach of data protection clauses  

Question 9

What is the purpose of the GDPR

Answer 9

To protect and empower personal data privacy and to reshape the way organisations process data – Was designed to harmonise data privacy laws across Europe in accordance with new data protection governance

Question 10

What is BIM?

Answer 10

Building Information Modelling

Question 11

Where is the data in BIM?

Answer 11

BIM is a 3D model where each 3D object contains “Metadata”. Thus acting as a “Database”

Question 12

What are the advantages and disadvantages of BIM?

Answer 12

Better planning and design
Easy design changes – model is shared, set times for change could be implemented.
Minimal rework on site – model facilitates visibility of potential problem areas.
Lifetime information to the end user.
Requires substantial investment in the software.

Training and additional staff required (time saving usually makes this investment worthwhile)
Trust and collaboration required. Normal routing of tendering etc is different, all parties must share knowledge and invest sometimes before they are awarded the project.
End user simply may not use the information.

Question 13

What is a CDE?

Answer 13

A common data environment (CDE) is a digital information platform that centralizes project data storage and access, typically related to a construction project and building information modeling (BIM) workflows. The data stored in a CDE originally consisted of BIM data and information. Today, a CDE also includes documents like project contracts, estimates, reports, material specifications, and other information relevant to a project’s design and construction processes.

is a digital platform that centralized project data storage and access.

Question 14

Where does MM store project data?

Answer 14

Sharepoint, Projectwise (CDE), Connect Business, Connect People, DISX.

Question 15

What is the name of the RICS’s Cost Data Subscription Service?

Answer 15

BCIS

Question 16

What is the difference between a project Extranet and Intranet?

Answer 16

One is hosted within the company and the other hosted externally

Question 17

What Business Management Systems are there in MM

Answer 17

In simple terms, STEP, Connect Business and Eforms

Question 18

What is Data Classification?

Answer 18

The Protective Marking of Documents to highlight security and access restrictions

Question 19

What is an NDA?

Answer 19

A Non-Disclosure Agreement – Data should not be disclosed to third parties

Question 20

What data can be used to support the estimating process

Answer 20

BCIS, In-house cost data and Price Books

Question 21

What are the benefits of cloud based storage systems?

Answer 21

Information is backed up securely on encrypted servers

Accessibility can be managed via online settings

Cloud systems are often cheaper than the costs of physically storing and managing files

It is convenient to send and share files online instead of mailing physical copies

Cloud systems are environmentally friendly

Multiple users can access the same documents

Documents and folder systems can be synchronised

Question 22

What is the meaning of a non disclosure agreement?

Answer 22

Non disclosure agreements are used to protect against the disclosure or sharing of any confidential data.

Prior to the confidential data being share with a recipient, clients will typically request that the recipient signs up to an NDA.

They are often used when confidential, sensitive, innovative or intellectual property information is being shared to prevent this information being used by competitors.

Question 23

If two separate departments within your firm were working for two rival companies how would you ensure client sensitive data was managed?

Answer 23

• Make client aware of risks
• Conflict of interest
• Letter of instruction to continue
• Exclusivity of staff
• NDAs
• Single Communication Lines in to client
• Separate working locations
• Secure storage

Question 24

Who are the key persons outlined within GDPR?

Answer 24

Controller

The controller is the natural person or legal entity that determines the purposes and means of the processing of personal data (e.g., when processing an employee’s personal data, the employer is considered to be the controller).

Processor

A natural person or legal entity that processes personal data on behalf of the controller (e.g., a call centres acting on behalf of its client) is considered to be a processor. At times, a processor is also called a third party.

Data Protection Officer (DPO)

The Data Protection Officer is a leadership role required by EU GDPR. This role exists within companies that process the personal data of EU citizens. A DPO is responsible for overseeing the data protection approach, strategy, and its implementation.  

Question 25

What are the 8 individual rights under GDPR?

Answer 25

The right to be informed
The right of access
The right of rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
Rights of automated decision making and profiling

Acronymn RADIOER

o The right of Rectification
o The right of Access
o The right of Data Portability
o The right to be Informed
o The right to Object
o The right to Erasure
o The right to Restrict Processing
o Rights of automated decision making and profiling

Question 26

What does it mean to be GDPR compliant?

Answer 26

GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. And non-compliance could cost companies dearly. 

Question 27

What things must companies put in place to ensure GDPR compliance?

Answer 27

Raise awareness across your business

Audit all personal data

Update your privacy notice

Review your procedures supporting individuals’ rights

Identify and document your legal basis for processing personal data under the GDPR

Review how you seek, obtain and record consent

Question 28

Who oversee information rights in the UK ?

Answer 28

ICO - International Commissioners Office

Question 29

Why do you keep company data for 12 years?

Answer 29

It is a requirement of our PII insurance that all contracts under deed are kept for a minimum of 12 years and under hand for 6 years. I am aware of the limitation act to claims which can be brought about up to 15 years after the act of negligence.

Question 30

What should you do if there is a data breach ?

Answer 30

Inform the Information Commissioner’s Office not later than 72 hours after becoming aware of it.

Question 31

What are ISO Standards ?

Answer 31

International Organisation for Standardisation. An international standard setting body of representatives from varying national standards.
* ISO 9000 – Quality Management Systems
* ISO 8000 – Data Quality
* ISO 14001 – Environmental Management Systems
* ISO 45001 – Health and safety

Internationallyagreed upon by experts and describes the best way of doing something.

Question 32

What is the limitations act ?

Answer 32

The Limitation Act 1980 is an Act of the Parliament of the United Kingdom applicable only to England and Wales. It is a statute of limitations which provides timescales within which action may be taken for breaches of the law.

Question 33

Can you tell me what a Information barrier is and any examples?

Answer 33

Physical and electronic separation of individuals within the same firm that prevents confidential information passing between them.

Examples: xyz

Question 34

How is a ‘personal data breach’ defined? What do you do if it occurs?

Answer 34

“a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.”