Data Management Flashcards
Can you name three pieces of legislation relevant to data management?
UK General Data Protection Regulation (UK GDPR)
Data Protection Act 2018
Freedom of Information Act 2005
What are some data security technologies?
Two-factor authentication
Passwords
Disk encryption
Regular off-site backups
Virtual Private Network
Anti-virus software
Firewalls
When did the UK GDPR legislation change and what changed?
UK GDPR was almost entirely transcribed from the EU GDPR and is supplemented with the Data Protection Act 2018
What is a firewall?
It is a network security device that monitors traffic to and from your network and blocks anything that appears dangerous
What is a Virtual Private Network?
A mechanism for creating a secure network for computers and servers
What are some of the principles of UK GDPR?
Data must be processed lawfully, fairly and transparently
Data must be used for specified, explicit purposes
Used in a way that is relevant and limited to what’s necessary
Accurate and kept up to date
Data is retained for only as long as necessary
Handled in a way that is secure
What is personal data?
Any data that can be used to identify a natural person, such as a name, address, photo, email address, bank details, social networking profiles or medical information
What are individual rights under the UK GDPR/DPA?
Right to be informed how data is used
Right to access personal data
Right to correct data
Right to have your data erased
Right to stop or restrict processing of your data
Right to data portability
What happens if a breach occurs?
Must report to the Information Commissioner's Office (ICO) within 72 hours if there is a risk to individuals
What are the maximum penalties?
Up to 4% of global turnover, or £17.5m, whichever is greater.
What is your understanding of the term Confidentiality?
Information shared with you is not to be shared with another party, unless they have been given permission too
What is the Freedom of Information Act 2000?
The act permits the public right of access to information held by public authorities.
If two separate departments within your firm were working for two rival companies, how would you ensure client-sensitive data was managed?
I would make the client aware of the risks involved and check their understanding of the conflict of interest.
Separate working locations from each of the teams would need to be put in place.
Secure document and data storage would be arranged to be used exclusively for the separate teams.
How do you manage these sources of information to ensure compliance with the legislation?
The electronic information is kept securely on encrypted servers
I am always sure to lock my computer when away from my desk
How is data kept securely on C&Co's in-house database?
All data is stored on an encrypted server that has regular off-site backups. It can only be accessed by employees who are either plugged into the server or accessing it via a VPN.
Talk us through the process of data extraction and analysis for the UKH Benchmarking Report?
A survey goes out to all of UKH members, requesting financial and property information. This data is anonymised by UKH and then provided to us in raw format.
The raw data is then consolidated into different segments, such as casual dining, food-led pubs, hotels, wine bars, nightclubs and others, and then analysed to understand how this has changed over time.
What conclusions did the data analysis help you make?
The trend of rising operating costs was unfortunately continuing. Interestingly, this was driven by rising utility costs and staffing costs were actually lower as staffing efficiencies from furlough were realised.
Accommodation-led businesses saw the greatest like-for-like revenue growth as the staycation trend helped regional room-focussed businesses capitalise on demand.
Did you have to sign an NDA for the disposal of the 60 properties?
Yes, a non-disclosure agreement was signed
Why did you have to sign an NDA?
So that the confidential data being shared with us is prevented from being shared to other recipients
Did the deal go ahead?
It is still ongoing so I can't share any information on the company or properties
What is your understanding of Intellectual Property and Copyright?
This is the right to control the use and ownership of original works.
Work generally created by an employee usually belongs to their employer unless copyrights are put in place
What are the benefits of cloud-based storage systems?
Cheaper
Backed up securely to encrypted servers
Environmentally friendly
Convenient
More efficient for working in teams
What sources of data do you use on a daily basis?
Benchmarking data
Comparable evidence/transactional data
Business planning data - invoice forecasting, quote tracking
Financial data
Capital expenditure data
Who are the key persons outlined within GDPR?
Data controller - person in charge of how data is processed (e.g. employer is data controller of employees' data)
Data processor - person that processes data on behalf of a data controller
Data Protection Officer - responsible for overseeing data protection strategy