Data Management Flashcards
What are sources of cost data?
BCIS - Building Cost Information Service Data - intended to measure the trend of contractors pricing levels in accepted tenders.
SPONS -
In-house data - e.g. Gleeds benchmarking
Why would you need to adjust costs for projects using BCIS?
Every project is different and therefore this affects costs.
How do you adjust for location on BCIS?
What is GDPR?
General Data Protection Regulation, which was formerly known as the Data Protection Act 2018.
What types of data systems are used in your organisation?
Our T Drive which includes
Shared hard drives
Backup servers
Microsoft Teams
What is a project extranet? Please list some advantages and disadvantages.
A computer network that allows external parties to view project files on a secure platform.
Advantages
What is the Data Protection Act 2018?
Used to control your personal information which is used by organisations, governments and businesses. It is the UK's implementation of GDPR.
What is the purpose of GDPR?
It's a regulated EU law on data which protects privacy in the EU and addresses the transfer of personal data outside the EU.
Who are the key persons under GDPR?
- Data controller - is the how and why
- Data processor - does it on behalf of the controller
- Data subject - the person
- Data protection officer - guarantor of compliance
What constitutes personal data?
Any information that relates to a ‘data subject’ that can be used to identify the person, name, photo, email, address, posts on social networking.
What is a data controller?
The how and why
What is a data processor?
Working on behalf of the controller
What is a data subject?
The person whose data it is
What is a data protection officer?
The person who guarantees compliance.
What are the 7 principles of GDPR?
- Lawfulness, fairness, and transparency - You should have a reason for processing data, you shouldn’t withhold information about what or why you’re collecting data and therefore should be open about the process.
- Purpose Limitation - data is “collected for specified, explicit, and legitimate purposes” and must be clearly established.
- Data minimization - Only collect the smallest amount of data you’ll need to complete your purposes.
- Accuracy - It’s up to you to ensure the accuracy of the data you collect and store. Set up checks and balances to correct, update, or erase incorrect or incomplete data that comes in.
- Storage limitation - justify the length of time you’re keeping each piece of data you store.
- Accountability - You must have appropriate measures and records in place as proof of your compliance with the data processing principles.
What are the 8 rights under GDPR?
The right to be informed – organisations must be completely transparent in how they are using personal data (personal data may include data such as a work email and work mobile if they are specific to an individual).
The right of access - individuals have the right to know exactly what information is held about them and how it is processed.
The right of rectification - individuals will be entitled to have personal data rectified if it is inaccurate or incomplete.
The right to erasure - also known as ‘the right to be forgotten’, this refers to an individual’s right to having their personal data deleted or removed without the need for a specific reason as to why they wish to discontinue.
The right to restrict processing - an individual’s right to block or suppress processing of their personal data.
The right to data portability - this allows individuals to retain and reuse their personal data for their own purpose.
The right to object - in certain circumstances, individuals are entitled to object to their personal data being used. This includes, if a company uses personal data for the purpose of direct marketing, scientific and historical research, or for the performance of a task in the public interest.
Rights of automated decision making and profiling - the GDPR has put in place safeguards to protect individuals against the risk that a potentially damaging decision is made without human intervention. For example, individuals can choose not to be the subject of a decision where the consequence has a legal bearing on them, or is based on automated processing.
Who enforces GDPR?
The Information Commissioner's Office.
What is the Freedom of Information Act 2000?
Provides public access to information held by public authorities. It does this in 2 ways:
1. Authorities publish certain information in relation to their activities.
2. Members of the public can request information from public authorities.
If you need to destroy documents, what should you consider?
Is it an original document?
Could it be used for litigation?
Does the document relate to a live project?
Is a backup copy available?
Are there ways we can protect data when we are transferring it on a client's behalf?
Encryption
Recorded special delivery
Secure network and software
What is an information barrier?
Physical and/or electrical separation of individuals within the same firm with the aim to protect confidential information.
What is ISO 9001?
It is a quality accreditation certificate, focusing on QMS run by the International Organization for Standardization.
Why is ISO 9001 important?
It promotes customer confidence, effective complaint resolution and process improvement.
What happens if you don’t comply with GDPR?
Fines and sanctions, civil claims, data subject complaints, brand damage, loss of reputation and loss of trust. What’s more, the Information Commissioner’s Office (ICO) can also consider whether a prosecution is warranted against any individuals in a position of responsibility, such as a director or other senior manager, where the offence was committed with their consent, connivance or attributable to their neglect.