Data Management

Question 1

`What are sources of cost data?

Answer 1

BCIS - Building Cost Information Service Data - intended to measure the trend of contractors pricing levels in accepted tenders.
SPONS -
In-house data - e.g Gleeds benchmarking

Question 2

Why would you need to adjust costs for projects using BCIS?

Answer 2

Every project is different and therefore this affects costs.

Question 3

How do you adjust for location on BCIS?

Question 4

What is GDPR?

Answer 4

General data protection regulation which was formerly known as the data protection act 2018.

Question 5

What types of data systems are used in your organisation?

Answer 5

Our T Drive which includes
Shared hard drives
Backup servers
microsoft teams
backup servers

Question 6

what is a project extranet? Pls list some advantages and disadvantages

Answer 6

a computer network that allows external parties to view project files on a secure platform.

Advantages

Question 7

What is the data protection act 2018

Answer 7

Used to control your personal information which is used by organisations, governments and businesses. It is the UKs implementation of GDPR.

Question 8

What is the purpose of GDPR?

Answer 8

Its a regulated EU law on data which protects privacy in the EU and addresses the transfer of personal data outside the EU.

Question 9

Who are the key persons under GDPR?

Answer 9

1. Data controller - is the how and why
2. Data processor - does it on behalf of the controller
3. Data subject - the person
4. Data protection officer - guarantor of compliance

Question 10

What constitutes personal data?

Answer 10

Any information that relates to a ‘data subject’ that can be used to identify the person, name, photo, email, address, posts on social networking.

Question 11

What is a data controller

Answer 11

The how and why

Question 12

What is a data processor

Answer 12

Working on behalf of the controller

Question 13

What is a data subject

Answer 13

The person whos data is it

Question 14

What is a data protection officer

Answer 14

The person who guarantee’s compliance.

Question 15

What are the 7 principles of GDPR?

Answer 15

1. Lawfulness, fairness, and transparency  = You should have a reason for processing data, you shouldn’t withhold information about what or why you’re collecting data and therefore should be open about the process.
2. Purpose Limitation - data is “collected for specified, explicit, and legitimate purposes” and must be clearly established.
3. Data minimization - Only collect the smallest amount of data you’ll need to complete your purposes.
4. Accuracy  - It’s up to you to ensure the accuracy of the data you collect and store. Set up checks and balances to correct, update, or erase incorrect or incomplete data that comes in.
5. Storage limitation - justify the length of time you’re keeping each piece of data you store.
6. Accountability  - You must have appropriate measures and records in place as proof of your compliance with the data processing principles. 

Question 16

What are the 8 rights under GDPR?

Answer 16

The right to be informed – organisations must be completely transparent in how they are using personal data (personal data may include data such as a work email and work mobile if they are specific to an individual).

The right of access - individuals have the right to know exactly what information is held about them and how it is processed.

The right of rectification - individuals will be entitled to have personal data rectified if it is inaccurate or incomplete.

The right to erasure - also known as ‘the right to be forgotten’, this refers to an individual’s right to having their personal data deleted or removed without the need for a specific reason as to why they wish to discontinue.

The right to restrict processing - an individual’s right to block or suppress processing of their personal data.

The right to data portability - this allows individuals to retain and reuse their personal data for their own purpose.

The right to object - in certain circumstances, individuals are entitled to object to their personal data being used. This includes, if a company uses personal data for the purpose of direct marketing, scientific and historical research, or for the performance of a task in the public interest.

Rights of automated decision making and profiling - the GDPR has put in place safeguards to protect individuals against the risk that a potentially damaging decision is made without human intervention. For example, individuals can choose not to be the subject of a decision where the consequence has a legal bearing on them, or is based on automated processing.

Question 17

Who enforces GDPR?

Answer 17

The information commissioners office.

Question 18

What is the freedom of information act 2000

Answer 18

provides public access to info held by public authorities. Does this in 2 ways;
1. Authorities publish info about certain certain info in relation to their activities.

2. Members of the public can request information from public authorities.

Question 19

If you need to destroy documents, what should you consider?

Answer 19

Is it an original document

Could it be used for litigation

Does the document relate to a live project

Is a back up copy available

Question 20

Are they ways we can protect dated when we are transferring it on a clients behalf.

Answer 20

Encryption
recorded special delivery
Secure network and software

Question 21

What is an information barrier?

Answer 21

Physcial and/or electrical separation of individuals within the same firm with the aim to protect confidential infromation.

Question 22

What is ISO 9001?

Answer 22

It is a quality accreditation certificate, focusing on QMS run by the international organisation for standardization.

Question 23

Why is is ISO 9001 important?

Answer 23

It promotes customer confidence, effective complaint resolution and process improvement.

Question 24

What happens if you don’t comply with GDPR?

Answer 24

fines and sanctions, civil claims, data subject complaints, brand damage, loss of reputation and loss of trust. What’s more, the Information Commissioner’s Office (ICO) can also consider whether a prosecution is warranted against any individuals in a position of responsibility, such as a director or other senior manager, where the offence was committed with their consent, connivance or attributable to their neglect.