Data Management

Question 1

what are the GDPR consumer rights

Answer 1

A - Access
C – Consent
C - Correction
E – Erasure
P – Data Portability
ACCEP
(Accep your rights)

Question 2

what regulation governs laws on data protection and privacy

Answer 2

UK General data protection regulation 202

Question 3

Article 5 of GDPR requires that personal data should be what? Name at least 3

Answer 3

Processed lawfully, fairly in a transparent manner (PLT)

Adequate, relevant, and limited to what is necessary

Collected for specified explicit and legitimate purposes

Kept in a form that permits identification of data for no longer than is necessary

Accurate and kept up to date, where necessary

Processed in a manner that ensures appropriate security of personal data.

PACKAP

Question 4

What is the maximum GDPR fine set by UK GDPR and DPA 2018

Answer 4

17.5 Million or 4% of annual global turnover (whichever is highest).

Question 5

Data offences can be punished by what? Name two (excluding fines).

Answer 5

Warnings

Temporary or permanent ban on data processing

Restriction or erasure of data

Suspend data transfers to third party countries.

Question 6

what is DPA 2018?

Answer 6

Data Protection Act 2018

UK’s implementation of GDPR

Question 7

Are you aware of the Freedom of Information Act 2000?

Answer 7

Yes it provides the public access to information held by public authorities.

Question 8

how do FOI Act 2000 requests work?

Answer 8

Must be in writing

Question 9

What security measures can you use to protect data?

Answer 9

Password protection
Security markings
Physically locking storage units
Encryption firewalls
Two factor authentication

Question 10

what best practices would you encourage in terms of managing data?

Answer 10

Cross reference computer with hard copy

Back up IT systems

Write once, read many times

Keep an audit trail

Ensure electronic signature cannot be altered. (send PDF’s not word)

Question 11

tell me what you know about GDPR

Answer 11

General Data Protection Regulation

Article 5 sets out the consumer rights which includes the right to be informed, right to access, right to erase, right to correct and right to withdraw consent.

Applies to the VOA – right to correct is something we actively do in the Check stage of CCA and in Form of return where personal data is explicitly collected.

Question 12

what is the definition of personal data?

Answer 12

Personal data are any information which are related to an identified or identifiable person.

Question 13

what is encryption/firewalls/blockchain?

Answer 13

Encryption is a means of securing data by encoding it mathematically such that it can only be read, or decrypted, by those with the correct key or cipher.

A firewall is a network security device that monitors traffic to or from your network. It allows or blocks traffic based on a defined set of security rules.

A blockchain is a digitally distributed, decentralized, public ledger that exists across a network.

Question 14

tell me about how you extract data from a source regularly used in your role

Answer 14

Internal database – CDB for rental information

Set parameters for data to refine prior to download

Use filters on excel to refine the data to what I need

Question 15

what is an electronic document management system (EDMS)?

Answer 15

software package designed to manage electronic information and records within an organisation’s workflow.

Question 16

Give me an example of how you ensure that data is kept securely.

Answer 16

Permission levels, back up systems, sensitive tag

Question 17

how do you validate information

Answer 17

Cross check with another source
Call to get further information / confirm details
Adopt a common sense approach

Question 18

What are pros/cons of primary data sources

Answer 18

Pros
Greater control (type of data, design, method)
May be more accurate

Cons
Expensive (may make it more difficult)
Time consuming

Question 19

What are pros/cons of secondary data sources

Answer 19

Pros
Easily accessible
Affordable

Cons
May lack reliability
May be outdated

Question 20

You shared rental evidence with an agent for rating purposes, did you have permission to share that information?

Answer 20

Yes - The Valuation Office Agency (VOA), as an executive agency of HMRC, is subject to the Commissioners for Revenue and Customs Act 2005 (CRCA)

Question 21

Can other colleagues access information you are working on?

Answer 21

No if they are in a different team e.g. DVS then they will not be able to access information stored for rating purposes.

Question 22

Freedom of information act 2000 exemptions

Answer 22

Personal data
National security

Question 23

Tell me more about the data protection act 2018

Answer 23

The Data Protection Act 2018 controls how your personal information is used by organisations, businesses or the government.

Question 24

What regulation covers sharing data?

Answer 24

Commissioners for Revenue and Customs Act 2005

CRCA ACT

Question 25

benefits of cloud based systems

Answer 25

information is backed up by encrypted servers

accessibility can be manged via online settings

cheaper than physically storing and managing files

more convenient to send and share files online instead of mailing physical copies

Question 26

meaning of a non disclosure agreement

Answer 26

Used to protect against the disclosure or sharing of any confidential data.

Question 27

who are the key persons outlined within GDPR?

Answer 27

Controller – person that determines the purpose and means of processing personal data e.g. the employer.

Processor – person that processes personal data on behalf of the controller e.g., call centres acting on behalf of its client.

Data Protection Officer – leadership role required by EU GDPR. Responsible for overseeing the data protection approach strategy and implementation.

Question 28

what should companies put into place to ensure GDPR compliance?

Answer 28

Raise awareness across the business

Audit personal data

Review procedures supporting individual rights

Identify and document the legal basis for processing personal data under GDPR

Train staff and give them the information

Question 29

What personal and confidential information does the VO hold?

Answer 29

Personal data relating to VOA employees

Emails containing sensitive or confidential information

Customer correspondence received in confidence

Customer records

Property information

Contractual information

Question 30

define what disclosure means?

Answer 30

The sharing of information with others

Question 31

what does CRCA set the VO’s functions as?

Answer 31

Producing rating lists
Council tax valuation lists
Valuation of property

Question 32

what two ways does the freedom of information act provide the public with access to information held by public authorities?

Answer 32

Public authorities are obliged to publish certain information about their activities.

Members of the public are entitled to request information from public authorities.

Question 33

when would you disclose information about taxpayers (or their properties) or our customers to third parties?

Answer 33

In line with CRCA Act 2005:

If essential for one of our functions

In line with legislation or statutory gateway under LGFA

With consent of the taxpayer, customer or client

For civil proceedings such as valuation tribunal hearings

Question 34

How would you deal with someone requesting to access their own personal information?

Answer 34

There is a deadline of one month to respond to a request. I would forward any request where a requester asks for their own information to the SAR inbox immediately by emailing.

if the request is part of an outstanding case, I would consider if it can be dealt with more appropriately as business as usual under CRCA.

Question 35

How would you deal with a freedom of information request?

Answer 35

Check the request is made in writing (email/letter)
Check it includes the requester’s name and address and clearly describe the information wanted.
Forward request to FOI inbox team

Question 36

How do you store data?

Answer 36

When gathering data for any reason I always ensure to place it within the VOA’s secure drives. Case documents go in restricted drives where only certain staff can reach.

Question 37

Why did you use external sources for the house in Newport?

Answer 37

This was to verify the information held on the VOA database to ensure correct information was being used.

Question 38

How did you restrict the files for the house in newport?

Answer 38

I ensured the files set up had permissions set for only the people working on the project.

Question 39

What advice did you provide for the land in Worcestershire?

Answer 39

This was an analysis of a land sale in the county. Following this I saved the data in secured files in a database showing its price per acre and what the use was for. I advised a senior surveyor of this so that they could use this information in the future when valuing land.

Question 40

Where was the data stored?

Answer 40

Two secured VOA drives. One so that the valuer can download the sale alongside others when needed and another database I created to describe what the land was for.

Question 41

What advice did you provide for the land in Herefordshire?

Answer 41

I advised my supervisor of the database i created for them to use in a development appraisal this included house sales, land sales. I input this data into a simple but effective database so they could easily see comparables and work out the GDV of the site.

Question 42

What are the seven principles of GDPR

Answer 42

Lawfulness, fairness and transparency
Purpose limitation
Data minimisation
Accuracy
Storage limitation
Integrity and confidentiality
Accountability

Question 43

What is a data controller?

Answer 43

determines the purposes and means of processing personal data

Question 44

What is a data processor?

Answer 44

processes personal data only on behalf of the controller

Question 45

What is discrete data?

Answer 45

Discrete data is information that can only take certain values. Such as the profit of a company.

Question 46

What is continuous data?

Answer 46

Continuous data is data that can take any value. Such as Height, weight, temperature

Question 47

How long to report a data breach?

Answer 47

48 hours to report internally

72 hours to report to Information Commissioners Office - legally