Data Management

Question 1

How do you comply with UK GDPR when dealing with mailing lists?

Question 2

What sorts of information can a firm reasonably retain in order to comply with other laws?

Question 3

What data security technologies are there?

Answer 3

1. Disk encryption
2. Regular backups off site
3. Password protection and use of anti-virus software protection
4. Firewalls and disaster recovery procedures

Question 3

What systems does your firm have in place to ensure data security

Question 4

What are your disaster recovery procedures

Question 5

What are the acts associated with Data Management?

Answer 5

UK General Data Protection Regulation 2016 and the Data Protection Act 2018

Question 6

What is the purpose of the UK General Data Protection Regulation and the Data Protection Act

Answer 6

Aims to create a single data protection regime affecting businesses, and empower individuals to take control of how their data is used by third parties
Gives people rights to be informed about how their personal information is used.

Question 7

When should data security breaches be reported to ICO

Answer 7

Within 72 hours and when there is a loss of personal data and a risk of harm to individuals

Question 8

What fines can occur if security is breached?

Answer 8

Fines up to 4% of global turnover of the company. OR £17.5 million (whichever greater)

Question 9

Who polices when a security is breached

Answer 9

ICO (Information Commissioner’s Office)

Question 10

What are the principles of the UK GDPR

Answer 10

Article 5(1) Principles relating to the storage of persona data states that data must be:
1. Processed lawfully, fairly and transparent manner
2. Collected for specified, explicit and legitimate purposes
3. Adequate, relevant and limited to what is necessary for the purposes for which they are processed.
4. Accurate and kept up to date
5. Processed in a manner that ensures appropriate security of personal data

Question 11

What does Article 5(2) require?

Answer 11

The controller be responsible for, and able to demonstrate, compliance with the principles.

Question 12

What are the 8 Individual Rights Under UK GDPR

Answer 12

Right:
1. Right to be informed
2. Right of access
3. Right to rectification
4. Right to erasure
5. Right to restrict processing
6. Right to data portability
7. Right to object
8. Rights to automated decision making and profiling

Question 13

What does the Freedom of Information Act 2000 give?

Answer 13

Gives individuals right of access to information held by public bodies

Question 14

Under the Freedom of Information Act 2000, what must be done?

Answer 14

A public body must tell any individual requesting sight of information whether it holds it
Normally public body is required to supply it in 20 working days in format requested
It can charge for the provision of the information

Question 15

What exemptions are allowed under Freedom of Information Act 2000

Answer 15

If contrary to GDPR requirements
It would prejudice a criminal matter under investigation, or a persons commercial interest

Question 16

How can security of data be improved

Answer 16

By using firewalls, encryption and passwords
Also by understanding how non-disclosure agreement works

Question 17

What does GDPR stand for?

Answer 17

General Data Protection Regulation

Question 18

Any other information you are aware of on Data Handling?

Answer 18

Proposed RICS Professional Statement on Data Handling and the Prevention of Cyber Crime – addresses how surveyors collect, store, and use data.

Question 19

What methods are there for securing data?

Answer 19

Digital:
* Disk encryption
* Off-site backups
* Password protection
* Anti-virus software
* Firewalls
* 2-point authentication system (phones and emails)
* Do not use US or personal email with anyone
Physical:
* Locked in filing cabinet
* Clear desk policy

Question 20

What is copyright?

Answer 20

• A set of exclusive rights granted to the author or creator of any original work, including right to copy
• Exclusive rights granted to creator of any work
• A form of intellectual property
• Can be licensed, assigned, or transferred
• Crown Copyright – all materials prepared by Government

Question 21

What is an NDA?

Answer 21

Legal agreement between 2 parties not to share confidential material – can be sued for damages inflicted after sharing information

Question 21

When and where do data security breaches need to be reported to?

Answer 21

To Information Commissioner’s Office within 72 hours

Question 22

What is GDPR 2018?

Answer 22

UK’s implementation of GDPR. Complete data protection system, governs personal data as well as all other data previously covered within the 1998 act. Amended 1st Jan 21 to reflect Brexit.

Question 23

What are the max fines of GDPR?

Answer 23

£17.5 million or 4% of total annual worldwide turnover in preceding financial year, whichever is higher

Question 23

When did UK GDPR come into effect?

Answer 23

New rules relating to how we collect, and process personal data came in 31 Dec 2020

Question 24

What legislation covers data protection in UK?

Answer 24

Data Protection Act 2018 and UK GDPR 2020

Question 25

Tell me what you know about GDPR?

Answer 25

• Represents the largest change in data protection law across the EU
• Designed to ‘harmonise’ data privacy laws across all of its members countries as well as providing greater protection and rights to individuals

Question 25

What does the Data Protection Act 2018 involve?

Answer 25

UK’s implementation of GDPR. A complete data protection system covering all general data previously covered by 1998 Act.

Question 26

What are key requirements of Data Protection Act?

Answer 26

• An obligation to conduct data protection impact assessments for high risk holding of data
• New rights for individuals to have access to info on what personal data is held and to have it erased
• Data controller decides how and why personal data is processed and solely responsible for GDPR

Question 27

DPA 1998 vs DPA 2018?

Answer 27

• Obligations more prescriptive and penalties are greater
• Aims to create single data protection regime for business across EU and to empower individuals to take control of how data is used by third parties

Question 28

What is Article 5 of GDPR? What are the principles of GDPR?

Answer 28

-relates to processing of personal data
(a) – lawfulness, fairness and transparency
(b) – purpose limitation
(c) – data minimisation
(d) – accuracy
(e) – storage limitation
(f) – integrity and confidentiality
(g) – Accountability principle

Question 29

What are the GDPR 8 individual rights?

Answer 29

I – right to be informed
A – right of access
P – right to restrict processing
P – right to portability
E – right to erase
A – right to automated decision making and profiling
R – right to rectification
O – right to object

Question 30

Who is GDPR policed by?

Answer 30

Policed by Information Commissioners Office – can also take alternative actions instead of/as well as fines including:
1. Issuing warnings
2. Imposing a temporary or permanent ban on data processing
3. Ordering the rectification, restriction, or erasure of data
4. Suspending data transfers to third countries

Question 31

What is the Privacy and Electronic Communications Regulations (PECR) 2003?

Answer 31

• Sits alongside the Data Protection Act and GDPR
• Gives specific privacy rights in relation to electronic communications
• Rules on:
  o Marketing calls, emails, texts, and faxes
  o Cookies
  o Keeping communications services secure
  o Customer privacy in regards to traffic and location data

Question 32

What is the Limitation Act 1980?

Answer 32

• Statute that provides timescales within which action may be taken (by issuing a claim form) for breaches of the law
• Contract – 6 years from date of negligent act. Section 14a provides alternative limitation period of 3 years from date of knowledge of the damage, subject to 15-year long stop
• Tort – 6 years from date claimant suffered loss

Question 33

Tell me about the Freedom of Information Act 2000?

Answer 33

• Gives the public the right to request information from public bodies in writing
• Info has to be provided within 20 working days
• Info will be refused in the interest of national security and current legal issues

Question 34

What is the Freedom of Information Act 2000?

Answer 34

• Gives individuals the rights to access information held by public bodies. Required to provide the information within 20 working days.

Question 35

What are automated valuation models? What are the pros and cons?

Answer 35

• Software systems that can provide valuations using mathematical modelling
• Argus Val Cap, Developer
• Cons: limited function compared to excel
• Pros: limited mistakes

Question 35

What is ISO and what does it state?

Answer 35

• ‘International Organisation for Standardisation’
• International standard-setting body composed of representatives from various national standards organisations
• Promotes worldwide proprietary, industrial, and commercial standards

Question 36

What is ISO 9001?

Answer 36

• International Standard that specifies requirements for a Quality Management Service (QMS)
• Requirements:
  o Monitoring and measuring equipment calibration records
  o Records of training, skills, experience, and qualifications
  o Product/service requirements review records
  o Records about designating and development outputs review

Question 37

What is Big Data?

Answer 37

• Term that describes large volumes of data – both structured and unstructured that inundates a business on a day-to-day basis
• Can be used and analysed for insights that lead to better decisions and strategic business moves
• Emphasis on big data as we move to ‘smart cities’ which can identify need of the city etc

Question 38

What are Data Rooms?

Answer 38

• Set up for property transaction, managed by lawyers / marketing team
• Access given to relevant parties via username and password creation
• Contains relevant information for pre-bid due diligence

Question 39

What are some data management software systems?

Answer 39

• Excel – formula, sorting, email reminder
• Outlook and word
• Property and software systems – argus, RADAR, Datscha, Land Registry

Question 40

What data do you input and output?

Answer 40

Input: survey data, rental information, settlements
Output: rental information, settlements

Question 40

What are some examples of communication specific reasoned information?

Answer 40

Use of graphs, photos, evidence schedules, maps
To support arguments in tribunals, contribute to property market sentiment reports, advise on data storage/filing systems, advise on security (being young in the firm is advantage as more tech savvy than colleagues as grown up with technology), comply with client’s data security

Question 40

What is best practice in data management?

Answer 40

• Cross reference with hard copy
• IT system maintenance – back up
• Protect integrity - write once, read many times
• Info management policy, system integrity
• Audit trail
• Electronic signature has legal status, as long as it cannot be altered

Question 41

What are different types of data analysis?

Answer 41

• SWOT analysis
• Traffic light (RAG) analysis
• Weighted analysis
• Ranking
• Cost benefit analysis
• Option analysis
• Software based or excel

Question 42

How can different data be displayed?

Answer 42

• Graphs
• Diagrams
• Bar charts
• Plotted on maps
• Schedules
• Tables
• Matrices
• Powerpoint presentations

Question 43

How does GDPR affect your firm? Compliance?

Answer 43

We are aware of where all personal data is kept. Undertake data protection impact assessments

Question 43

What is data analysis used for?

Answer 43

• Creating shortlists
• Creating business plans
• Creating action plans
• Making recommendations
• Giving advice
• Bringing data to life enable decisions to be made

Question 44

What is the document cycle?

Answer 44

Compose – Capture – Review – Approve – Retrieve – Archive – Compose etc

Question 45

What is the difference between a deed and a registered title?

Answer 45

• Deeds are absolute proof
• Registered land is a good indication