Data Management

Question 1

What is the UK General Data Protection Regulation (2020) and Data Protection Act 2018

Answer 1

UK GDPR is supplemented by Data Protection Act 2018 (this replaces Data Protection Act 1998).

It gives people right to be informed about how their personal information is used.

Question 2

What is a Data Controller?

Answer 2

Decide how and why personal data is processed and is directly responsible for GDPR.

Question 3

What are the principles of UK GDPR?

Answer 3

• Lawfulness, fairness and transparency.
• Purpose limitation.
• Data minimisation.
• Accuracy.
• Storage limitation.
• Integrity and confidentiality (security)
• Accountability.

Question 4

What are the 8 Individual Rights under GDPR?

Answer 4

1. Be informed
2. Access
3. Rectification
4. Erasure
5. Restrict processing
6. Data portability (use data for their own purposes)
7. Object
8. Rights to automated decision making and profiling (as undertaken by insurance companies).

Question 5

What is the Freedom of Information Act 2000

Answer 5

Gives individuals the right to access information held by public bodies.
* Public body must tell individual requesting the data whether it holds it
* Public body must supply data in 20 working days in the format requested.
* It can charge for the provision of the information.

Question 6

Are you aware of any RICS guidance relating to data?

Answer 6

‘Data Handling and Prevention of Cybercrime’ consultation

Question 7

Who is the Data Protection Officer at your company?

Answer 7

GM

Question 8

Is breaching GDPR a criminal or civil offence?

Answer 8

Criminal offence

Question 9

What is Data Accountability?

Answer 9

Ensures organisations prove to the Information Commissioners Office (ICO) that they comply with new regs.

Question 10

What is the fine for a data breach?

Answer 10

4% global turnover of the company or £17.5m (whichever is greater)