Data Management Flashcards
1
Q
What is GDPR?
A
- General Data Protection Regulation
- It is a legal framework that sets guidelines for the collection and processing of personal information
- Introduced by the EU
2
Q
What is the Freedom of Information Act?
A
- It provides a public right of access to information held by public authorities
- Public authorities are obliged to publish certain information about their activities
- Any member of the public can request information
3
Q
What is the Data Protection Act 2018?
A
- Controls how personal information is used by organisations, businesses or the government, in the UK
- It sits alongside the GDPR and tailors how the GDPR applies in the UK
4
Q
What is the BCIS / what does it provide?
A
- Building Cost Information Service
- Provides access to construction cost data to assist professionals in preparing early cost advice (estimating, cost planning and benchmarking)
5
Q
How long do you need to keep data for?
A
- 6 years – if the contract is signed under hand
- 12 years – if the contract is signed as a deed
- However: 15 years – recommended time, as this is the maximum length of time in which a claim can be made for professional negligence
6
Q
How do you store data in your organisation?
A
- Shared hard drives
- Online storage systems such as the cloud/Dropbox
- Software such as MS Teams
7
Q
If you had two different departments within your company working for rival clients, how would you protect the commercially sensitive client data?
A
- Exclusivity of staff working for each of the clients
- Have non-disclosure agreements (NDAs) in place
- Dedicated servers
- Restricted access to certain folders on the system
- Anti-virus protection
- Shred any confidential information
8
Q
How does your company ensure compliance with the Data Protection Regulations generally?
A
- They only retain data that is needed to perform day-to-day operations.
- If they are retaining data they ensure the person is kept informed as to why they have it.
- They hold data securely.
9
Q
Who are the key persons outlined within GDPR?
A
- Controller - Determines the purpose and means of processing data
- Processor - Person that processes data on behalf of the controller
- Data Protection Officer - Person in a company that is responsible for overseeing the processing of all data.