Data Management

Question 1

What are the key requirements of Data protection act?

Answer 1

Conduct data protection impact assessment for high risk holding of data.

‘Data accountability’ businesses proving to ICO how they comply with regulations.

Have a ‘controller’ decides how and why personal data is processed and directly responsible for GDPR.

report breach to ICO in 72 hours

Question 2

Why were the regulations consolidated?

Answer 2

Create a single data protection regime affecting businesses and empower individuals to learn how and why their data is processed by businesses.

Question 3

What are your company’s compliance procedures?

Answer 3

All our data is in a secure filing system, only accessible by password protected computers.
When the information is no longer needed the data is removed

Question 4

What are the key principles of GDPR?

Answer 4

Purpose limitation
Accountability
Integrity and Confidentiality
Data minimisation
Storage limitation
Accuracy
Lawfulness

Question 5

What are the individual rights of GDPR?

Answer 5

1. Right to be informed.
2. Right to access.
3. Right to amend.
4. Right to erase.
5. Right to portability
6. Right to restrict process
7. Right to object.
8. Right to automated decision making.

Question 6

What databases have you used?

Answer 6

CoStar.
LandInsight.

Question 7

What are the limitations of these databases?

Answer 7

Relies on third party information, need to check the information is correct

Question 8

What are the benefits of using a dataroom to share information?

Answer 8

Parties can easily send people information without information being lost as its circulated in emails.

Question 9

What information was included in the dataroom?

Answer 9

Planning information.
Building specification.
Engineering drawings.
Legal documents.
Formal tender process documents

Question 10

How did you ensure the data was kept secure?

Answer 10

It was password protected for each individual user.

Question 11

How do you ensure the information is kept up to date?

Answer 11

Verify data with parties involved in the transaction.

E.g. if unit was u/o, would ask in the future if the sale was completed.

Question 12

What does it mean to be GDPR compliant?

Answer 12

Your business’s processes are in line with GDPR.

Question 13

If you collate information from various sources, how would you store this data to allow for easy analysis?

Answer 13

I would keep in our online filing system on a clearly name file in the appropriate project that it relates to.

Question 14

How can you keep data stored securely?

Answer 14

On a filing system only accessible from our password protected computers.

Question 15

What is copyright?

Answer 15

Exclusive rights granted to the producer of any of their own work. Form of IP.

Question 16

What is the Freedom of Information Act 2000?

Answer 16

Gives individuals the right to access any information from public bodies.
Must give in 20 working days.

Unless contrary to GDPR requirements or prejudice criminal matter

Question 17

What is a non-disclosure agreement? What happens if you break one?

Answer 17

Legally binding, not allowed to talk about the subject with others.
Can be sued for damages.

Question 18

Key Principles of Data Protection Act

Answer 18

Act lawfully
Limit data for purpose
Remove data when finished
process data securely

Question 19

Data Protection Act Purpose

Answer 19

gives people right to be informed on how their data is processed