Data Management Flashcards
How is Lendlease compliant with UK GDPR?
Lendlease has a ‘Data Governance Forum’ whereby members take leadership for data sets which are high value e.g.
- Privacy Council manage personal data
- Verification Committee ensure what is communicated externally is accurate, they ‘fact check’
We undertake training on:
- Storing data - who can access this data? Is this a LL or third party store? Is there disaster recovery?
- Processing data - only process data in ways that are consistent with the purpose it was obtained for / how the accuracy of data / access control during processing
- Sharing data - do you know the rights we have for sharing the data? Is it on a need to know basis? Has it been validated if going public?
- Destroying data - Only keep for as long as needed / can personal data be de-identified / security and protection of records and archives
What data do you use in your role?
A range of data for different purposes:
- Budgets
- Development appraisals
- Info from architects (drawings / models / schedules)
- Comparable evidence / market evidence (Molior - reliant on developers uploading)
- Agents (reports - pretty reliable)
What is a useful trigger for important data collection dates?
Diaries
- Rent collection
- Rent review notices
- Insurance renewals
- Regular inspections
- Repairing obligations
- Break clauses
- Planning obligations
What is triangulation?
Verifying data against an alternative source
What do data security technologies include?
- Disk encryption
- Regular backups off site
- Cloud storage
- Password protection
- Anti-virus protection
- Firewalls
- Disaster recovery
What is copyright?
- Set of exclusive rights granted to the author / creator of original work, including right to copy
- Rights can be licensed, assigned or transferred
- Form of intellectual property
- Crown copyright (all material prepared by Gov like laws, public records, press releases, OS mapping)
- Must acknowledge copyright in your work
What is the key legislation regarding data protection in the UK?
Data Protection Act (2018)
UK General Data Protection Regulation and the Data Protection Act (2018)
What is the purpose of UK GDPR?
- Single data protection regime
- Affects businesses, with the goal to empower individuals to control how their data is used by third parties
- Right to be informed how data is used
What are the requirements of UK GDPR?
- Data protection impact assessment for high risk holding of data
- Rights for individuals to have access to personal info held and have it erased
- Data controller decides how and why data is processed and is responsible
- ‘Data accountability’ ensures firms can prove to the ICO (Information Commissioner’s Office) how they comply with regs
What is the penalty for security breaches?
- Breaches must be reported to ICO within 72 hours where there is a loss of personal data and risk of harm
- Fine of 4% turnover, or £17.5 million (whichever is greater)
Who polices UK GDPR?
Information Commissioner’s Office
What are the principles of UK GDPR?
Article 51:
- Process lawfully and transparently
- Collect for specified and legit reasons
- Limited to what is necessary
- Accurate and kept updated
- Kept in a form which permits identification
What are individual rights under UK GDPR?
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to object
What legislation gives individuals right of access to information held by public bodies?
Freedom of Information Act (2000)
What does the Freedom of Information Act (2000) set out?
- Public body must tell any individual requesting the info if it holds it
- Required to supply info in 20 days
- It can charge
Exemption: If it would prejudice a criminal matter under investigation, or a person’s/firm’s commercial interest