Data Management Flashcards

1
Q

What are the 7 principles of Data Protection Act 2018? (AKA 7 principles of GDPR)

A

Lawfulness, fairness, transparency

Accuracy

Accountability

Purpose limitation

Storage limitation

Data minimisation

Integrity and confidentiality

(LAAP SDI)

2
Q

Examples of personal data under GDPR that could apply to property companies?

A

Data relating to:

investors, fund managers, valuations, compliance, background checks by HR etc

IF CV

3
Q

When did GDPR come into effect?

A

25 May 2018

4
Q

What is GDPR?

A

EU General Data Protection Regulation

5
Q

What is the purpose of GDPR?

A

Protect citizens' personal data

6
Q

To what organisations does GDPR apply?

A

All organisations of more than 250 employees

7
Q

What are penalties for GDPR breaches?

A

4% of annual global turnover or £17.5 million.

8
Q

How are data breaches typically discovered?

A

Access logs, reported thefts, lost equipment or data security incident
(ATLS)

9
Q

Examples of data held by surveying practices?

A

Payroll and HR

Customer data for marketing

Emails and correspondence relating to clients and employees

(CEP)

10
Q

What Act implemented GDPR in the UK?

A

Data Protection Act (2018)

11
Q

Disadvantages of the systems you use?

A

Rely on data input completed by others - human error

External systems - firm is not in control of security

Not user friendly and lots of staff training required!

(HES)

12
Q

What is the purpose of the Data Protection Act 2018?

A

Aims to create a single data protection regime for anyone doing business in the EU and to empower individuals to take control of how their data is used by third parties.

As well as governing personal data covered by GDPR, it covers all general data that was previously covered under the 1998 Act.

13
Q

What are the 8 individual rights under GDPR?

A

Right to be informed

Right of access

Right of rectification

Right to erasure

Right to restrict processing

Right to data portability (to use for own purposes)

Right to object

Right to automated decision making and profiling (as undertaken by insurance companies)

I,A,R,E R D,O,D

14
Q

What are some of the data security technologies you could use?

A

Disk encryption

Back-ups off site

Password protection

Anti-virus software protection

Firewalls and disaster recovery procedures

(FAB DP)

15
Q

RICS best practice points for complying with GDPR?

A

Conduct data review

Anonymise data where possible

Encrypt everything where possible

CAE

Treat commercial data in same way as personal data, even though not covered by GDPR

16
Q

What is ‘right to be forgotten’ under GDPR?

A

Under Article 17 of GDPR, individuals have the right to have personal data erased in certain circumstances:

Data is no longer necessary

Data has been processed unlawfully

17
Q

What is SAR?

A

Subject Access Request:

It demands that the individual be given all the information that a company holds on them.

18
Q

What is the ‘right to access’ under GDPR?

A

Individuals have the right to obtain confirmation that their data is being processed, and access to their personal data

19
Q

When would you report a data breach?

A

Need to report within 72 hours of becoming aware of breach

If breach high risk, then need to notify individual without delay

20
Q

What is data portability?

A

Right for data subject to receive personal data concerning them which they have previously provided, and have it transmitted to another controller.

21
Q

What is a data protection officer?

A

An individual appointed to monitor internal compliance and advise on an organisation's data protection obligations

Only required if the organisation is a public body or authority, or is carrying out certain types of processing activity

22
Q

What is privacy by design?

A

Data protection through technology design

23
Q

What are the obligations imposed by GDPR?

A

Knowledge of data you store.

Need to be able to (Provide information on how data is used) and the rights of individuals regarding their data

Need to be able to (Demonstrate data is being managed in compliant manner).

Must be able to (Delete every instance of an individual's data) - in compliance with ‘right to be forgotten’

(Must keep data in format that allows portability) to another data processor, should the need arise

24
Q

What is the Freedom of Information Act?

A

Act of Parliament that creates a public right of access

Allows an individual to request access to information held by a public body

Public body is required to provide that information (within 20 working days) in requested format

They can charge a fee for this

25
Q

What is an information barrier and how should it be enforced?

A

  1. A different surveyor should act for each client.
  2. They must be physically separated, preferably in different buildings or on different floors, with separate support teams.
  3. All information regarding the instruction should be securely stored.
  4. The firm's compliance officer must oversee all actions.

26
Q

Who regulates GDPR in the UK?

A

Information Commissioner's Office