Data Management Flashcards
Can you name the recently introduced regulations set out to control how companies manage data they hold?
Data Protection Act 2018
Can you name the legislation that the Data Protection Act 2018 is supported by?
General Data Protection Regulation
Outline the Data Protection Act 2018
Controls how your personal information is used by organisations, businesses or government.
Data must be handled and stored in a secure way.
Must be used for specified, explicit purposes.
Must be used fairly, lawfully and transparently.
Stronger protection for more sensitive info such as race/ethnicity, health conditions, etc.
What kind of data might I work with?
Documents, books, files, internet sources.
How does GDPR affect your working activities?
I must ask permission to contact people and collect data. For example, we have a mailing list for new properties. When registering people, I have to ask if they are happy for their details to be stored and contacted.
Can you name any of the eight principles covered in the Data Protection Act 2018?
Accountability
Fair and Lawful Use, Transparency
Can you name any of the sources of data currently in use by the construction industry?
Cost data
Mobile telephone data
How do you equalise data from different sources?
TBC
What rights do people have under the Data Protection Act?
To have their data erased
To object to their data being used
The right to correct information
The right to ask how their data is being used
Etc…
What current challenges is Covid and/or Brexit bringing to Data Management?
Brexit led to the introduction of UK GDPR, which sits alongside the Data Protection Act
Covid has increased hybrid/home working significantly. This brings cyber security issues and a heavier reliance on cloud services. More devices are handling work data (phones, home networks, laptops), which increases the risk of breaches.
If home or hybrid working, how would you deal with cyber security?
My firm use a VPN to access our local network. If not connected to this (which is password protected), I cannot access any files.
We are only authorised to use work devices, not personal devices.
We have been issued with online training courses by our IT support providers to understand risks and how to mitigate these.
What is meant by the right to be forgotten?
This is a legal right granted under the General Data Protection Regulation (GDPR) allowing individuals to request that their personal data be erased from an organization’s systems and databases when certain conditions are met. It is also known as the right to erasure.
What are you considered as under the regulations?
A data controller and data processor
Data controller - e.g. handling sensitive client data for property transactions such as PoF and ID
Data processor - subcontracted to carry out a valuation by a bank. I do not decide how data is used, but I abide by their protocol
How does your in-house system comply with GDPR?
We act in line with the principles of the Data Protection Act and the UK GDPR and are transparent with our data handling
We use remote access servers and password protect all devices
We have a clear desk policy
We have a clear retention schedule and archiving procedure
How long does data have to be stored for?
As long as necessary.
RICS generally recommends keeping property-related documents, such as surveys, valuations, and client correspondence, for a minimum of 6 years after the completion of the transaction or service, to cover any potential future disputes or claims.