Data Management Flashcards

1
Q

What are the GDPR consumer rights?

A

A - Access
C – Consent
C - Correction
E – Erasure
P – Data Portability
ACCEP
(Accep your rights)

2
Q

What regulation governs laws on data protection and privacy?

A

UK General Data Protection Regulation 202

3
Q

Article 5 of GDPR requires that personal data should be what? Name at least 3

A

Processed lawfully, fairly and in a transparent manner (PLT)

Adequate, relevant, and limited to what is necessary

Collected for specified explicit and legitimate purposes

Kept in a form that permits identification of data for no longer than is necessary

Accurate and kept up to date, where necessary

Processed in a manner that ensures appropriate security of personal data.

PACKAP

4
Q

What is the maximum GDPR fine set by UK GDPR and DPA 2018?

A

17.5 Million or 4% of annual global turnover (whichever is highest).

5
Q

Data offences can be punished by what? Name two (excluding fines).

A

Warnings

Temporary or permanent ban on data processing

Restriction or erasure of data

Suspend data transfers to third party countries.

6
Q

What is DPA 2018?

A

Data Protection Act 2018

UK’s implementation of GDPR

7
Q

Are you aware of the Freedom of Information Act 2000?

A

Yes, it provides the public with access to information held by public authorities.

8
Q

How do FOI Act 2000 requests work?

A

Must be in writing

9
Q

What security measures can you use to protect data?

A

Password protection
Security markings
Physically locking storage units
Encryption, firewalls
Two factor authentication

10
Q

What best practices would you encourage in terms of managing data?

A

Cross reference computer with hard copy

Back up IT systems

Write once, read many times

Keep an audit trail

Ensure electronic signatures cannot be altered (send PDFs, not Word documents).

11
Q

Tell me what you know about GDPR.

A

General Data Protection Regulation

Article 5 sets out the consumer rights, which include the right to be informed, right to access, right to erase, right to correct and right to withdraw consent.

Applies to the VOA – right to correct is something we actively do in the Check stage of CCA and in Form of return where personal data is explicitly collected.

12
Q

What is the definition of personal data?

A

Personal data is any information related to an identified or identifiable person.

13
Q

What is encryption/firewalls/blockchain?

A

Encryption is a means of securing data by encoding it mathematically such that it can only be read, or decrypted, by those with the correct key or cipher.

A firewall is a network security device that monitors traffic to or from your network. It allows or blocks traffic based on a defined set of security rules.

A blockchain is a digitally distributed, decentralized, public ledger that exists across a network.

14
Q

Tell me about how you extract data from a source regularly used in your role.

A

Internal database – CDB for rental information

Set parameters for data to refine prior to download

Use filters in Excel to refine the data to what I need

15
Q

What is an electronic document management system (EDMS)?

A

A software package designed to manage electronic information and records within an organisation’s workflow.

16
Q

Give me an example of how you ensure that data is kept securely.

A

Permission levels, back up systems, sensitive tag

17
Q

How do you validate information?

A

Cross check with another source
Call to get further information / confirm details
Adopt a common sense approach

18
Q

What are the pros/cons of primary data sources?

A

Pros
Greater control (type of data, design, method)
May be more accurate

Cons
Expensive (may make it more difficult)
Time consuming

19
Q

What are the pros/cons of secondary data sources?

A

Pros
Easily accessible
Affordable

Cons
May lack reliability
May be outdated

20
Q

You shared rental evidence with an agent for rating purposes, did you have permission to share that information?

A

Yes - The Valuation Office Agency (VOA), as an executive agency of HMRC, is subject to the Commissioners for Revenue and Customs Act 2005 (CRCA)

21
Q

Can other colleagues access information you are working on?

A

No. If they are in a different team, e.g. DVS, then they will not be able to access information stored for rating purposes.

22
Q

Freedom of Information Act 2000 exemptions

A

Personal data
National security

23
Q

Tell me more about the Data Protection Act 2018.

A

The Data Protection Act 2018 controls how your personal information is used by organisations, businesses or the government.

24
Q

What regulation covers sharing data?

A

Commissioners for Revenue and Customs Act 2005

CRCA ACT

25
Q

Benefits of cloud-based systems

A

Information is backed up by encrypted servers

Accessibility can be managed via online settings

Cheaper than physically storing and managing files

More convenient to send and share files online instead of mailing physical copies

26
Q

Meaning of a non-disclosure agreement

A

Used to protect against the disclosure or sharing of any confidential data.

27
Q

Who are the key persons outlined within GDPR?

A

Controller – person that determines the purpose and means of processing personal data e.g. the employer.

Processor – person that processes personal data on behalf of the controller e.g., call centres acting on behalf of its client.

Data Protection Officer – leadership role required by EU GDPR. Responsible for overseeing the data protection approach strategy and implementation.

28
Q

What should companies put into place to ensure GDPR compliance?

A

Raise awareness across the business

Audit personal data

Review procedures supporting individual rights

Identify and document the legal basis for processing personal data under GDPR

Train staff and give them the information

29
Q

What personal and confidential information does the VO hold?

A

Personal data relating to VOA employees

Emails containing sensitive or confidential information

Customer correspondence received in confidence

Customer records

Property information

Contractual information

30
Q

Define what disclosure means.

A

The sharing of information with others

31
Q

What does CRCA set the VO’s functions as?

A

Producing rating lists
Council tax valuation lists
Valuation of property

32
Q

In what two ways does the Freedom of Information Act provide the public with access to information held by public authorities?

A

Public authorities are obliged to publish certain information about their activities.

Members of the public are entitled to request information from public authorities.

33
Q

When would you disclose information about taxpayers (or their properties) or our customers to third parties?

A

In line with CRCA Act 2005:

If essential for one of our functions

In line with legislation or statutory gateway under LGFA

With consent of the taxpayer, customer or client

For civil proceedings such as valuation tribunal hearings

34
Q

How would you deal with someone requesting to access their own personal information?

A

There is a deadline of one month to respond to a request. I would forward any request where a requester asks for their own information to the SAR inbox immediately by emailing.

If the request is part of an outstanding case, I would consider if it can be dealt with more appropriately as business as usual under CRCA.

35
Q

How would you deal with a freedom of information request?

A

Check the request is made in writing (email/letter)
Check it includes the requester’s name and address and clearly describes the information wanted.
Forward request to FOI inbox team

36
Q

How do you store data?

A

When gathering data for any reason I always ensure to place it within the VOA’s secure drives. Case documents go in restricted drives that only certain staff can reach.

37
Q

Why did you use external sources for the house in Newport?

A

This was to verify the information held on the VOA database to ensure correct information was being used.

38
Q

How did you restrict the files for the house in Newport?

A

I ensured the files set up had permissions set for only the people working on the project.

39
Q

What advice did you provide for the land in Worcestershire?

A

This was an analysis of a land sale in the county. Following this I saved the data in secured files in a database showing its price per acre and what the use was for. I advised a senior surveyor of this so that they could use this information in the future when valuing land.

40
Q

Where was the data stored?

A

Two secured VOA drives. One so that the valuer can download the sale alongside others when needed and another database I created to describe what the land was for.

41
Q

What advice did you provide for the land in Herefordshire?

A

I advised my supervisor of the database I created for them to use in a development appraisal; this included house sales and land sales. I input this data into a simple but effective database so they could easily see comparables and work out the GDV of the site.

42
Q

What are the seven principles of GDPR?

A

Lawfulness, fairness and transparency
Purpose limitation
Data minimisation
Accuracy
Storage limitation
Integrity and confidentiality
Accountability

43
Q

What is a data controller?

A

Determines the purposes and means of processing personal data

44
Q

What is a data processor?

A

Processes personal data only on behalf of the controller

45
Q

What is discrete data?

A

Discrete data is information that can only take certain values, such as the profit of a company.

46
Q

What is continuous data?

A

Continuous data is data that can take any value, such as height, weight or temperature.

47
Q

How long to report a data breach?

A

48 hours to report internally

72 hours to report to the Information Commissioner's Office - legally