Data Management Flashcards
What is GDPR?
- General Data Protection Regulation
- The EU’s GDPR no longer applies to the UK, but the new UK GDPR is basically the same
- UK GDPR is covered by the Data Protection Act (2018)
- Aims to create a single data protection regime affecting businesses
- Empowers individuals to take control of how their data is used by third parties
What are the key requirements of GDPR?
- Obligation to conduct data protection impact assessments for high-risk holding of data
- New rights for individuals to have access to information on what personal data is held and to have it erased
- Data protection officer oversees GDPR compliance and decides how and why personal data is processed
- Data accountability – organisations can prove to the ICO how they comply with new regulations
- Data security breaches need to be reported to ICO within 72 hours
What are the penalties?
Up to 4% of the company's global turnover or £17.5 million (whichever is the greater)
Who is the GDPR policed by?
Information Commissioner's Office (ICO)
What are the individual rights under the UK GDPR?
- Right to be Informed
- Right to Access
- Right to Erasure
- Right to Object
- Right to Data portability (to use for their own purposes)
- Right to Restrict processing
- Right to Rectification
- Right to Automated decision making and profiling (as undertaken by insurance firms)
What are the principles of the UK GDPR relating to storing personal data?
- Article 5(1):
  - Processed lawfully, fairly and transparently
  - Collected for specified, explicit and legitimate purposes
  - Adequate, relevant and limited to what is necessary for the purposes for which they are processed
  - Accurate and where necessary kept up to date
  - If inaccurate must be erased or rectified without delay
  - Kept in a form which permits identification for no longer than necessary
  - Processed in a manner that ensures appropriate security of the personal data
- Article 5(2):
  - Controller should be responsible for and be able to demonstrate compliance with the principles
What is the Freedom of Information Act (2000)?
- Gives individuals the right of access to information held by public bodies
- Public body must tell if they hold the information
- Public body is required to supply it in 20 working days in the format requested
- It can charge for the provision of the information
What are the exemptions of the Freedom of Information Act (2000)?
- Contrary to the GDPR requirements
- It would prejudice a criminal matter under investigation
- It would prejudice a person’s/firm’s commercial interest
What is encryption?
Process of encoding a message so that only authorised parties can access it
What is a firewall?
Security system that monitors and controls incoming and outgoing traffic from your network. It prevents unauthorised access
What is an NDA?
Non-disclosure agreement – legally binding contract that requires parties to keep information confidential
What happens if an NDA is breached?
The party that was harmed from the breach can take legal action to enforce the agreement and seek damages for losses incurred
What RICS Professional Standard has been proposed that relates to data management?
- RICS Professional Standard on Data Handling and Prevention of Cybercrime – best practice and mandatory obligations
- How surveyors capture, store and share data appropriately and securely
How do you ensure the security of your data?
- Password protected devices
- Anti-virus software
- Regular backups off site
- Firewalls
- Disaster recovery procedures
- Store paperwork you no longer need in locked cupboards
- Encryption in your emails
- NDA
How is HG GDPR compliant?
- Secure website to prevent personal data from unauthorised access, breach or theft
- Get consent for emails for mailing lists
- Store information for 6 years
- Data Handling Officer
- Prepare action for handling data breaches
Whose responsibility is data protection?
Every individual working at HG must ensure that information is used and collected in a lawful, fair and transparent way. The Data Protection Officer is there to monitor that everyone is acting in compliance with the Act and for people to seek guidance from.
What is special data and how do you process this?
- Special data is personal data which GDPR says is more sensitive and so needs more protection (e.g. race, sexuality, political opinion)
- Should not process special categories of data or make assumptions to influence business decisions
Who owns personal data?
The subject, i.e. the person the data is about
What is data?
Facts and statistics collected for reference or analysis
What is copyright?
- A set of exclusive rights granted to the author of any original work, including the right to copy
- These rights can be licensed, assigned or transferred
What does the crown copyright refer to?
All materials created and prepared by the government, such as laws, public records, OS mapping
Did you have permission to use that image?
Yes because I have provided attribution to Google. They allow the fair use of their data
What is the significance of managing and storing accurate records of data and can you give an example of when you have done that?
I utilize various databases such as CoStar and EGI for data collection. I acknowledge that each of them varies in terms of accuracy. When I am conducting a rent review or lease renewal, I gather my comparable evidence through these sites which provide me with the details of historic deals. I fully comprehend the limitations in the accuracy of these databases as well as the importance of relying on trustworthy and pertinent sources