Data Management Flashcards

1
Q

What are the main laws governing data?

A

Data Protection Act (2018) and UK GDPR

2
Q

Why does data regulation exist?

A

To ensure safety around people’s personal information and also to give people rights around their data

3
Q

What do you do to ensure you comply with regulation?

A

I ensure I complete training on data/cybersecurity
I ensure I comply with GDPR
I am thorough and accurate in my data processes
I keep data up to date and relevant

4
Q

What does your firm do to ensure compliance with regulation?

A

We have an internal compliance director who is the go-to for all questions/issues
We have regular internal training
We ensure our databases comply with GDPR
We keep records for 6 years, or 15 if necessary

5
Q

What did you do to ensure your client database complied with regulation?

A

We ensure data is:
accurate
up to date
necessary to keep
only kept for the amount of time it is required
secure

6
Q

What do you do to ensure your internal comparable database complies with regulation?

A

We ensure data is:
accurate
up to date
necessary to keep
only kept for the amount of time it is required
secure

7
Q

How do you ensure information is correct?
(internal database)

A

I always seek to confirm details with agents
If I am using information from the database, I will confirm with the individual who input it where the data came from and whether it has been confirmed, etc.

8
Q

Who governs data regulation in the UK?

A

ICO - Information Commissioner’s Office

9
Q

What are data security measures you can take?

A

Disk encryption – encrypting data on a secure hard disk drive
Regular backups off site
Cloud storage
Password protection
Anti-virus software
Firewalls

10
Q

Can you sum up GDPR/Data Protection Act?

A

GDPR was introduced to give individuals rights around what data companies can hold about them.

Seven key principles:

Processed lawfully and transparently
Collected for specified and legitimate purposes and not processed in a manner beyond those means
Accurate
kept up to date
If an individual is identifiable from the data, it must be kept for no longer than it is required
Appropriate security
Accountability - organisations are accountable for demonstrating compliance

11
Q

What are the consequences for non-compliance with GDPR?

A

Fines of up to £17.5 million or 4% of annual turnover, whichever is higher

12
Q

What are the principles of GDPR?

A

Data must be:

Processed lawfully and transparently
Collected for specified and legitimate purposes and not processed in a manner beyond those means
Accurate and kept up to date
If an individual is identifiable from the data, it must be kept for no longer than it is required
Appropriate security

13
Q

What are consumer/people’s rights under the Data Protection Act/GDPR?

A

The right to know what data organisations store about them:

Right to know how data is being used
Right to access
Right to correct/update
Right to erase
Right to stop or restrict the processing of your data
Data portability (allows you to get and reuse your data for different services)
Right to object how your data is processed in certain circumstances

14
Q

What are the ‘data protection principles’?

A

Lawfulness, fairness and transparency.
Purpose limitation.
Data minimisation.
Accuracy.
Storage limitation.
Integrity and confidentiality (security)
Accountability.

15
Q

What about profiling?

A

Individuals also have the same rights for profiling, or automated decision-making processes (even without human involvement), i.e. if personal data is being used for this

16
Q

Are you aware of any RICS guidance on data?

A

There is a proposed RICS Professional Standard on Data Handling and Prevention of Cybercrime

To cover mandatory obligations and best practice
Address how surveyors capture, store and share data appropriately

17
Q

What happens/needs to happen if a breach of GDPR takes place?

A

Report to the ICO within 72 hours

18
Q

What is your firm’s data protection policy?

A

We ensure compliance with GDPR and all regulation
We carry out regular training to remind employees of responsibilities
We have a Compliance Director who is the go-to for any questions/concerns

19
Q

What training have you had on data?

A

I’ve had training on the Data Protection Act and GDPR
How to notice and report phishing emails
How to process data internally

20
Q

What is personal information?

A

Anything that identifies a person OR sensitive information such as:

race
ethnic background
political opinions
religious beliefs
trade union membership
genetics
biometrics (where used for identification)
health
sex life or orientation

21
Q

What is your understanding of the term confidentiality?

A

Where information is provided but is subject to confidence and not shared without permission

22
Q

What is your understanding of the term metadata?

A

Metadata is information about a specific piece of data – e.g. if sharing a document, the metadata could be the author, the file size, the date the document was created and key words to describe the document
Must be afforded the same level of care

23
Q

What is the Freedom of Information Act?

A

Permits the public the right to request information held by public authorities

24
Q

If two separate departments within your firm were working for two rival companies, how would you ensure client sensitive data was managed?

A

I would make the client aware of the risks and conflict of interest
Exclusivity of staff would be arranged
The use of NDAs would be considered
Separate working locations for each team
Secure document and data storage would be arranged separately for each team

25
Q

How do you manage day to day information to ensure compliance with legislation?

A

I ensure information/data is up to date and accurate
Secure document storage for hard copies; electronic files saved on encrypted servers
I always lock my computer when away from my desk
I regularly update passwords