Data Management

Question 1

What is data management?

Answer 1

The practice of collecting, keeping, and using data securely, efficiently and cost-effectively.

Question 2

When collecting data from various sources, what should one do?

Answer 2

• Verify;
• Accuracy;
• Up to date;
• Reliable.

Question 3

What is GDPR?

Answer 3

General Data Protection Regulation.

Question 4

What is the UK’s implementation of GDPR?

Answer 4

The Data Protection Act 2018.

Question 5

What is GDPR for?

Answer 5

• Harmonise data privacy laws across Europe;
• Give greater protection and rights to individuals

Question 6

What are the 8 rights under GDPR?

Answer 6

• Right to be informed;
• Right of access;
• Right to object;
• Right to rectification;
• Right to restrict processing;
• Right to data portability;
• Right to be forgotten (erasure);
• Rights in relation to automated decision making and profiling.

Question 7

What laws were in place before GDPR?

Answer 7

Data Protection Act 1998.

Question 8

Who does GDPR affect?

Answer 8

All companies that collect or process personal information on EU citizens regardless of where they are based.

Question 9

What are the penalties for non-compliance with GDPR?

Answer 9

• Which ever is greater of the two:
  
  • Fine of up to 10 million Euro’s (equivalent to £17.5m) or;
  • 4% of annual turnover.

Question 10

What are six principles under GDPR?

Answer 10

• Lawfulness, fairness and transparency;
• Purpose limitation;
• Data minimisation;
• Accuracy;
• Storage limitation;
• Integrity and confidentiality (security);
• Accountability.

Question 11

Who enforces GDPR?

Answer 11

Information Commissioner’s Office (ICO).

Question 12

What are some different sources of data?

Answer 12

• BCIS;
• In-house data from past projects;
• Tender returns;
• Pricing books.

Question 13

How is historic data used for current day projects?

Answer 13

• Ensure it’s relevant information in terms of scope/size etc;
• Use location/date indices to bring it to present day;
• If using for benchmarking, any sensitive information is hidden/removed such as project/client names and etc. before presenting.

Question 14

Why would you use in-house data over BCIS?

Answer 14

• As useful as BCIS is, in-house data can be very bespoke if we do the same type of building in the same place regularly.

Question 15

What are the risks associated with using BCIS?

Answer 15

• Lack of accuracy as BCIS is based on average construction costs and may not accurately reflect the specific conditions of a project.
• Lack of scope of a project.
• BCIS is using predetermined indices/costs and may not reflect what the market is experiencing.
• Dependency on BCIS methodology and data collection practices could result in incorrect indices that can affect cost plans/estimates.

Question 16

How would you protect data/information?

Answer 16

• Information barrier;
• Clean desk policy;
• Take calls in private;
• Password protect files;
• Encrypted files;
• Sign NDA.

Question 17

What is an information barrier and what needs to be in place before this can be established?

Answer 17

• It is a physical or electronical separation of individuals or groups within a firm that prevents confidential information passing between them;
• All clients must have given informed consent to manage conflict of interest using an information barrier.

Question 18

What are some of the ways data could be breached?

Answer 18

• Employee mistakes;
• Equipment failure;
• Hacking;
• Cyber-attacks;
• Malware;
• Loss of equipment;

Question 19

What has the RICS published in regards to social media?

Answer 19

Use of Social Media: Guidance for RICS Members (Version 1).

Question 20

Why may RICS investigate a social media post?

Answer 20

• If discriminatory, dishonest, abusive, threatening (break of equality Act 2010);
• Bully, harass or victimise another person or people;
• Show a frequent pattern or high number of concerning posts;
• Ignore previous advice or warning about RICS concerns or request from RICS to remove a post.

Question 21

If there has been data breach, what should you do?

Answer 21

• Consider whether the information is personal data protected by legislation, or information that is confidential for some other reason (for example T&C’s of engagement with client);
• Follow procedures to report breaches, including to clients and to regulators (ICO) where necessary;
• Inform insurers and ensure adequate cover is available to cover against the effects of a major personal data breach;
• Identify what could be done differently to reduce the risk of the same thing happening again;
• Destroy any confidential information that is sent to you accidently.

Question 22

How long can companies retain client information?

Answer 22

Under UK GDPR, there is no specific time period set out, however, this does not mean companies are allowed to retain client information indefinitely. Instead, companies should adequately determine the period of data retention based on the use and type of data that is being stored and in doing so, not held for any longer than is necessary.

Question 23

Up to how long can claims be brought forward by a client and what legislation underpins this?

Answer 23

• Limitation Act 1980;
• Claims can be brought up to six years from date of breach if executed under hand;
• This can be extended to 12 years if contract was executed under deed;
• Claims can also be brought up to 12 years from date of knowledge of the damage, subject to a 15 years long stop date.