Data Management Flashcards
What are the 7 principles of the Data Protection Act 2018? (AKA the 7 principles of GDPR)
Lawfulness, fairness, transparency
Accuracy
Accountability
Purpose limitation
Storage limitation
Data minimisation
Integrity and confidentiality
(LAAP SDI)
Examples of personal data under GDPR that could apply to property companies?
Data relating to:
investors, fund managers, compliance (e.g. AML/KYC checks), valuations, and HR background checks on staff, etc.
(IF CV)
When did GDPR come into effect
25 May 2018
What is GDPR?
EU General Data Protection Regulation
What is the purpose of GDPR?
To protect the personal data of individuals (data subjects) and give them control over how it is used.
To what organisations does GDPR apply?
Any organisation (controller or processor) that processes the personal data of individuals in the EU/EEA, regardless of its size or where it is based. There is no 250-employee threshold for GDPR applying; 250 employees is only the size below which an organisation may be exempt from keeping formal records of processing activities (Article 30).
What are penalties for GDPR breaches?
Up to 4% of annual worldwide turnover or £17.5 million (UK GDPR figure; €20 million under the EU GDPR), whichever is higher, for the most serious infringements.
How are data breaches typically discovered?
Access logs, reported thefts, lost equipment or data security incident
(ATLS)
Examples of data held by surveying practices?
Payroll and HR
Customer data for marketing
Emails and correspondence relating to clients and employees
(CEP)
What Act implemented GDPR in the UK?
Data Protection Act (2018)
Disadvantages of the systems you use?
Reliance on data input completed by others, so human error
External systems: the firm is not in control of their security
Not user friendly, and lots of staff training required
(HES)
What is the purpose of Data protection Act 2018?
Implements and supplements GDPR in the UK, as part of creating a single data protection regime for anyone doing business in the EU and empowering individuals to take control of how their data is used by third parties.
As well as governing personal data covered by GDPR, it covers processing that falls outside GDPR (e.g. by law enforcement and the intelligence services), which was previously covered under the 1998 Act.
What are the 8 individual rights under GDPR
Right to be informed
Right of access
Right of rectification
Right to erasure
Right to restrict processing
Right to data portability (to obtain their data in a reusable format and move it elsewhere)
Right to object
Rights in relation to automated decision making and profiling (e.g. not to be subject to a decision based solely on automated processing, as undertaken by insurance companies)
(I A R E R D O A)
What are some of the data security technologies you could use?
Disk encryption
Back-ups off site
Password protection
Anti-virus software protection
Firewalls and disaster recovery procedures
(FAB DP)
RICS best practice points for complying with GDPR?
Conduct a data review
Anonymise data where possible
Encrypt everything where possible
Treat commercial data in the same way as personal data, even though it is not covered by GDPR
(CAE)