Data Management

Question 1

Can you name three pieces of legislation relevant to data management?

Answer 1

UK General Data Protection Regulation (UK GDPR)

Data Protection Act 2018

Freedom of Information Act 2005

Question 2

What are some data security technologies?

Answer 2

Two factor authentication

Passwords

Disk encryption

Regular off-site back ups

Virtual Private Network

Anti-virus software

Firewalls

Question 2

When did the UK GDPR legislation change and what changed?

Answer 2

UK GDPR was almost entirely transcribed from the EU GDPR and is supplemented with the Data Protection Act 2018

Question 3

What is a firewall?

Answer 3

It is a network security device that monitors traffic to and from your network and blocks anything that appears dangerous

Question 4

What is a Virtual Private Network?

Answer 4

A mechanism for creating a secure network for computers and servers

Question 5

What are some of the principles of UK GDPR?

Answer 5

Data must be processed lawfully, fairly and transparently

Data must be used for specified, explicit purposes

Used in a way that is relevant and limited to what’s necessary

Accurate and kept up to date

Data is retained for only as long as necessary

Handled in a way that is secure

Question 6

What is personal data?

Answer 6

Any data that can be used to identify a natural person, so name, address, a photo an email address, bank details, social networking profiles, medical information

Question 7

What are individual rights under the UK GDPR/DPA

Answer 7

Right to be informed how data is used
Right to access personal data
Right to correct data
Right to have your data erased
Right to stop or restrict processing of your data
Right to data portability

Question 8

What happens if a breach occurs?

Answer 8

Must report to the Information Commissioners Office (ICO) within 72 hours if there is a risk to individuals

Question 9

What are the maximum penalties?

Answer 9

Up to 4% of global turnover, or £17.5m, whichever is greater.

Question 10

What is your understanding of the term Confidentiality?

Answer 10

Information shared with you is not to be shared with another party, unless they have been given permission too

Question 11

What is the Freedom of Information Act 2000

Answer 11

The act permits the public right of access to information held by public authorities.

Question 12

If two separate departments within your firm were working for two
rival companies how would you ensure client sensitive data was
managed?

Answer 12

I would make the client aware of the risks involved and check their understanding of the conflict of interest.

Separate working locations from each of the teams would need to be put in place.

Secure document and data storage would be arranged to be used exclusively for the separate teams.

Question 13

How do you manage these sources of information to ensure
compliance with the legislation?

Answer 13

The electronic information is kept securely on encrypted servers

I am always sure to lock my computer when away from my desk

Question 14

How is data kept securely on C&Cos in house database?

Answer 14

All data is stored on an encrypted server that has regular off site back ups. It can only be accessed by employees who are either plugged into the server or accessing it via a VPN.

Question 15

Talk us through the process of data extraction and analysis for the UKH Benchmarking Report?

Answer 15

A survey goes out to all of UKH members, requesting financial and property information. This data is anonymised by UKH and then provided to us in raw format.

The raw data is then consolidated into different segments, such as casual dining, food-led pubs, hotels, wine bars, nightclubs and others, and then analysed to understand how this has changed over time.

Question 16

What conclusions did the data analysis help you make?

Answer 16

The trend of rising operating costs was unfortunately continuing. Interestingly, this was driven by rising utility costs and staffing costs were actually lower as staffing efficiencies from furlough were realised.

Accommodation-led businesses saw the greatest like-for-like revenue growth as the staycation trend helped regional room focussed businesses capitalise on demand.

Question 17

Did you have to sign an NDA for the disposal of the 60 properties?

Answer 17

Yes, a non-disclosure agreement was signed

Question 18

Why did you have to sign an NDA?

Answer 18

So that the confidential data being shared with us is prevented from being shared to other recipients

Question 19

Did the deal go ahead?

Answer 19

It is still ongoing so I cant share any information on the company or properties

Question 20

What is your understanding of Intellectual Property and Copyright?

Answer 20

This is the right to control the use and ownership of original works.

Work generally created by an employee usually belongs to their employer unless copyrights are put in place

Question 21

What are the benefits of cloud-based storage systems?

Answer 21

Cheaper
Backed up securely to encrypted servers
Environmentally friendly
Convenient
More efficient for working in teams

Question 22

What sources of data do you use on a daily basis?

Answer 22

Benchmarking data
Comparable evidence/transactional data
Business planning data - invoice forecasting, quote tracking
Financial data
Capital expenditure data

Question 22

Who are the key persons outlined within GDPR?

Answer 22

Data controller - person in charge of how data is processed (eg. employer is data controller of employees data)

Data processor - person that process data on behalf of a data controller

Data Protection Officer - responsible for overseeing data protection strategy