Data Management

Question 1

What are the main laws governing data?

Answer 1

Data Protection Act (2018) and UK GDPR

Question 2

Why does data regulation exist?

Answer 2

To ensure safety around people’s personal information and also to give people rights around their data

Question 3

What do you do to ensure you comply with regulation?

Answer 3

I ensure I complete training on data/cybersecurity
I ensure I comply with GDPR
I am thorough and accurate in my data processes
I keep data up to date and relevant

Question 4

What does your firm do to ensure compliance with regulation?

Answer 4

We have an internal compliance director who is the go-to for all questions/issues
We have regular internal training
We ensure our databases comply with GDPR
We keep records for 6 years, or 15 if necessary

Question 5

What did you do to ensure your client database complied with regulation?

Answer 5

We ensure data is:
accurate
up to date
necessary to keep
only kept for the amount of time it is required
secure

Question 6

What do you do to ensure your internal comparable database complies with regulation?

Answer 6

We ensure data is:
accurate
up to date
necessary to keep
only kept for the amount of time it is required
secure

Question 7

How do you ensure information is correct?
(internal database)

Answer 7

I always seek to confirm details with agents
If I am using information from the database, I will confirm with the individual who input it, where the data came from, has it been confirmed etc

Question 8

Who governs data regulation in the UK?

Answer 8

ICO - Information Commissioner’s Office

Question 9

What are data security measures you can take?

Answer 9

Disk encryption – encrypting data on a secure hard disk drive
Regular backups off site
Cloud storage
Password protection
Anti-virus software
Firewalls

Question 10

Can you sum up GDPR/Data Protection Act?

Answer 10

GDPR was introduced to give individuals rights around what data companies can hold about them.

Seven key principles:

Processed lawfully and transparently
Collected for specified and legitimate purposes and not processed in a manner beyond those means
Accurate
kept up to date
If an individual is identifiable from the data, it must be kept for no longer than it is required
Appropriate security
Accountability - organisations are accountable for demonstrating compliance

Question 11

What are the consequences for non-compliance of GDPR?

Answer 11

Fines of up to £17.5 million or 4% of annual turnover, whatever is highest

Question 12

What are the principles of GDPR?

Answer 12

Data must be:

Processed lawfully and transparently
Collected for specified and legitimate purposes and not processed in a manner beyond those means
Accurate and kept up to date
If an individual is identifiable from the data, it must be kept for no longer than it is required
Appropriate security

Question 13

What are consumer/people’s rights under the Data Protection Act/GDPR?

Answer 13

The right to know what data organisations store about them:

Right to know how data is being used
Right to access
Right to correct/update
Right to erase
Right to stop or restrict the processing of your data
Data portability (allow you to get and reuse your data for difference services
Right to object how your data is processed in certain circumstances

Question 14

What are the ‘data protection principles’

Answer 14

Lawfulness, fairness and transparency.
Purpose limitation.
Data minimisation.
Accuracy.
Storage limitation.
Integrity and confidentiality (security)
Accountability.

Question 15

What about profiling?

Answer 15

Individuals also have the same rights for profiling, or automated decision-making processes (even without human involvement) i.e. if personal data is being used for this

Question 16

Are you aware of any RICS guidance on data?

Answer 16

The is a proposed RICS Professional Standard on Data Handling and Prevention of Cyber on Data Handling and Prevention of Cybercrime

To cover mandatory obligations and best practice
Address how surveyors capture, store and share data appropriately

Question 17

What happens/needs to happen if a breach of GDPR takes place?

Answer 17

Report to the ICO within 72 hours

Question 18

What is your firm’s data protection policy?

Answer 18

We ensure compliance with GDPR and all regulation
We carry out regular training to remind employees of responsibilities
We have a Compliance Director who is the go-to for any questions/concerns

Question 19

What training have you had on data?

Answer 19

I’ve had training on the Data Protection Act and GDPR
How to notice and report phishing emails
How to process data internally

Question 20

What is personal information?

Answer 20

Anything that identifies a person OR sensitive information such as:

race
ethnic background
political opinions
religious beliefs
trade union membership
genetics
biometrics (where used for identification)
health
sex life or orientation

Question 21

What is your understanding of the term confidentiality?

Answer 21

Where information is provided but is subject to confidence and not shared without permission

Question 22

What is your understanding of the term Meta Data?

Answer 22

Meta Data is information about a specific piece of data – e.g. if sharing a document, the meta data could be the author, the file size, the date the document was created and key words to describe the document
Must be afforded the same level of care

Question 23

What is the Freedom of Information Act?

Answer 23

Permits the public the right to request information held by public authorities

Question 24

If two separate departments within your firm were working for two rival companies, how would you ensure client sensitive data was managed?

Answer 24

I would make the client aware of the risks and conflict of interest
Exclusivity of staff would be arranged
The use of NDAs would be considered
Separate working locations for each team
Secure document and data storage would be arranged separately for each team

Question 25

How do you manage day to day information to ensure compliance with legislation?

Answer 25

I ensure information/data is up to date and accurate
Secure document storage for hard copy, electronic files saved on encrypted servers
Always sure to lock my computer when away from my desk
I regularly update passwords