Data Management Flashcards

1
Q

What is Data Management?

A

To collect and store data securely and efficiently.

2
Q

Why is it important to protect clients' data?

A

If personal data falls into the wrong hands, people could become victims of identity theft, discrimination or even physical harm.

3
Q

How long does a company hold data for?

A

As long as it is necessary to respond to legal claims - this would be dependent on how the instruction was executed:

  • 6 years under hand.
  • 12 years by deed.

RICS recommends 15 years as a long-stop position if the claimant did not know a loss was suffered earlier.

RICS, Practice Information on Risk, Liability and Insurance, 1st edition

4
Q

What is the General Data Protection Act?

A

Act of parliament to ensure information is held safely and securely.

It is the UK legislation for the implementation of the General Data Protection Regulations (GDPR).

5
Q

What is included within your firm's Data Protection Policy?

A

How the firm will use/share data.

Data Controller contact details - Person who is responsible for the purpose and means of processing personal data.

Data Protection Officer contact details - Responsible for the strategy.

The entitlement to request access to any personal data which is held by the Company.

We do not hold sensitive data.

GDPR rights (informed, access, rectification, erasure, restricting, portability, right to object)

How we share data.

6
Q

How does your company comply with GDPR 2018?

A

Ensuring that all data held is processed in accordance with the Data Protection Act.

Safeguarding of clients' data by using individual password-protected laptops with secure server storage and operating a clear desk policy.

7
Q

What does the GDPR protect?

A

– Names/addresses
– Health and generic data
– Racial and ethnic data
– Sexual orientation

8
Q

What are the penalties of GDPR?

A
  • Less severe breaches: Up to 10 million euros or 2% of the company's turnover.
  • More severe breaches: Up to 20 million euros or 4% of the company's turnover.
9
Q

What are the key principles of GDPR?

A

– Lawfulness, fairness and transparency.
– Purpose limitation.
– Data minimisation.
– Accuracy.
– Storage limitation.
– Security.
– Accountability.

10
Q

Who enforces GDPR?

A

The Information Commissioner’s Office (ICO)

11
Q

What is an EDMS?

A

Electronic Data Management System

12
Q

What are the benefits of EDMS?

A

– Securing data
– Enhanced efficiency by eliminating physical clutter and improving document accessibility.
– Ease of access to information quickly and reliably, improving overall productivity.

13
Q

What is your understanding of the term Confidentiality?

A

Where information is provided but is subject to confidence and not shared without permission.

14
Q

How does your firm protect clients' data?

A

– Password-protected laptops with encrypted servers.
– Clear desk policies.

15
Q

What are the benefits of cloud-based storage systems?

A

– Information is backed up securely on encrypted servers.
– Accessibility can be managed via online settings.
– Lower cost than physically storing and managing files.
– Convenient to send and share files online instead of mailing physical copies.
– Cloud systems are environmentally friendly.
– Multiple users can access the same documents.
– Documents and folder systems can be synchronized.

16
Q

What is your understanding of Intellectual Property and Copyright?

A
  • This is the right to control the use and ownership of original works.
  • Work generally created by an employee usually belongs to their employer unless copyrights are put in place.
  • It is common within construction for a client to be granted a licence for use and reproduction of copyright material, which should be clearly defined.
  • This could be the right to use a particular design by a subcontracting specialist who retains control of the original copyright.
17
Q

What is the Freedom of Information Act 2005?

A
  • This is the primary piece of UK legislation that controls the access to official information.
  • The act permits the public right of access to information held by public authorities.
  • Information must also be published through the public authority's publication scheme.
  • The act covers all information held and not just information since the act came into effect.
18
Q

What is the meaning of a non-disclosure agreement?

A

A non-disclosure agreement/confidentiality agreement is a legally binding contract to protect against the disclosure or sharing of any confidential data.

19
Q

If two separate departments within your firm were working for two rival companies how would you ensure client sensitive data was managed?

A
  • I would make the client aware of the risks involved and check their understanding of the conflict of interest.
  • I would ensure a letter of instruction to continue was obtained from the client.
  • Exclusivity of staff would be arranged.
  • The use of non-disclosure agreements would be considered.
  • Separate working locations from each of the teams would need to be put in place.
  • Secure document and data storage would be arranged to be used exclusively for the separate teams.
20
Q

What are a person’s rights under the Data Protection Act?

A
  • To be informed about how their data is being used.
  • The right to access their data.
  • The right to have incorrect information updated.
  • To have their data erased.
  • To stop or restrict the processing of their data.
  • The right of portability.
  • To object to the use of their data.
21
Q

Who are the key persons outlined within GDPR?

A

Controller - The controller determines the purposes and means of the processing of personal data (employer).

Processor - A person that processes personal data on behalf of the controller.

Data Protection Officer (DPO) - The Data Protection Officer is responsible for overseeing the data protection approach, strategy, and its implementation.

22
Q

What are the 8 individual rights under GDPR?

A
  • The right to be informed.
  • The right of access.
  • The right of rectification.
  • The right to erasure.
  • The right to restrict processing.
  • The right to data portability.
  • The right to object.
  • Rights of automated decision making and profiling.
23
Q

What different sources of information do you use in your day-to-day surveying?

A
  • RICS Documents (Professional Standards/Practice Information).
  • Contract Documentation.
  • Tenders.
  • Specialist sub-contractor information.
24
Q

How do companies ensure compliance with the Data Protection legislation generally?

A
  • Only retain data they need to perform their day-to-day operations.
  • Data is held securely.
  • Keep information up to date and delete information they no longer need.
24
Q

How do you manage information to ensure compliance with the data legislation?

A
  • All documents are kept electronically on a secure encrypted server.
  • I dispose of confidential waste in my firm's locked confidential waste bin.
  • I lock my computer when away from my desk and comply with my firm's IT security policies by regularly changing passwords.
  • If I am sharing or processing information not available in the public domain from a previous project, I always obtain the client's written permission to do so.
25
Q

What is copyright?

A

Prevents unauthorised copying of original work.

26
Q

Can you give me some examples of the data you manage?

A
  • Client details
  • Contract details
  • Project details
27
Q

What is the Limitation Act?

A

The Limitation Act 1980 is an Act of the Parliament of the United Kingdom applicable only to England and Wales.

Provides timescales within which actions may be taken for a claim/breaches of the law.

28
Q

What should you do if there is a data breach?

A

Inform the Information Commissioner’s Office not later than 72 hours after becoming aware of it.

29
Q

Does GDPR apply post-Brexit?

A

Yes, GDPR was converted into UK law in 2021 under the title UK GDPR.

The UK government will control the UK GDPR as opposed to the European Union.

30
Q

Who does the Freedom of Information Act apply to?

A

Public right of access to information held by public authorities.

31
Q

How does your company use a form of data management and why is this successful?

A

Mail management system.

All email correspondence is stored securely in an electronic job file, which helps manage data appropriately.

32
Q

What is your firm's Data Protection Policy?

A

The policy sets out compliance with the Data Protection Act 2018.

This outlines how data is retained and secured by the firm.

This includes a Data Retention Approach: That personal data will be retained for no longer than is necessary.

Information on how long data is held for (emails, financial information etc.)

33
Q

What is personal information under GDPR?

A

Information relating to the identity of an individual.
This could be:
- Name
- Signature
- Address
- Phone number
- Date of birth

34
Q

How should a firm handle personal information?

A

Only process personal information that is necessary.

35
Q

What is sensitive data and how should this be processed?

A

You are required to document a lawful reason for processing this information under GDPR.
Sensitive Data includes:
* Ethnic or racial origin.
* Political opinions.
* Cultural or social identity.
* Religion/beliefs.
* Genetic data.

36
Q

How do you report a Data Breach/When?

A

Data Breaches are reported to the ICO (Information Commissioner's Office) online.

Must be reported in the first 72 hours after discovering a breach.

37
Q

What is the ICO?

A

The Information Commissioner's Office.

Independent authority for data protection in the UK.

38
Q

What is the purpose of the Data Protection Act?

A

To protect individuals’ rights regarding their personal information and how it is used.

39
Q

What are the penalties for a breach of GDPR?

A

There are two tiers of penalty – the higher maximum and the standard maximum.

Standard: £8.7 million or 2% of the total annual worldwide turnover in the preceding financial year, whichever is higher.

Higher: £17.5 million or 4% of the total annual worldwide turnover in the preceding financial year, whichever is higher.