Data Management Flashcards

1
Q

All data sources need to be?
What are the essential characteristics that all data sources need to have?

A
  • Accurate
  • Verified
  • Up to date
  • Reliable
2
Q

What must you ensure when researching comparable data?

A
  • Comprehensive, i.e. ideally more than one transaction. At least three, if not more than five, would be better
  • Very similar or identical
  • Recent
  • Result of an arm’s length transaction
  • Verifiable
  • Consistent with local market practice
  • Result of underlying demand, i.e. sufficient bidders to create an active market
3
Q

What is the UK’s implementation of GDPR?

A

The Data Protection Act 2018

4
Q

What is the Data Protection Act 2018?

A

The UK’s implementation of GDPR

5
Q

What does GDPR stand for?

A

General Data Protection Regulation

6
Q

What does GDPR relate to?

A

Control of how personal data is used by organisations and businesses

7
Q

When was GDPR effective?

A

25 May 2018

8
Q

How often should firms consider and document the risks to all types of data they hold?

A

Review should occur regularly, at least annually

9
Q

How can data breaches happen?

A
  • employee mistakes
  • equipment failure
  • hacking
  • cyber-attacks
  • malware (software designed to gain access to your computer systems)
  • loss of equipment
10
Q

What topics should be focused on to ensure your staff are trained to keep data secure?

A
  • what to do if there is a data breach and how to report one
  • how to transfer data securely (both inside and outside the office)
  • how to work securely from home
  • how to comply with the firm’s personal data-protection policy
  • how to avoid falling victim to malware, phishing and other types of cyber-attacks
  • being careful with the firm’s information on social media
  • setting up proper passwords
11
Q

What is Personal Data?

A

UK GDPR Article 4 states:
Any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified directly or indirectly

12
Q

What is Copyright?

A

A form of Intellectual Property (IP) under which the author of the original work has exclusive rights to control the distribution of their work.

13
Q

Who are the key persons outlined within GDPR?

A

Controller – person that determines the purpose and means of processing personal data e.g. the employer.

Processor – person that processes personal data on behalf of the controller, e.g. a call centre acting on behalf of its client.

Data Protection Officer – leadership role required by EU GDPR. Responsible for overseeing the data protection approach strategy and implementation.

14
Q

Who must all firms hire under GDPR?

A

Data Protection Officer

15
Q

Who is GDPR policed by?

A

Information Commissioner’s Office (ICO)

16
Q

When do data security breaches need to be reported to ICO?

A

When there is a loss of personal data and a risk to individuals - within 72 hours

17
Q

What are the Eight (8) individual rights under GDPR?

A
  1. Informed
  2. Access
  3. Rectification
  4. Erasure (to wipe out)
  5. Portability
  6. Restrict processing
  7. Object
  8. Automated decision making and profiling (analysis)

I ARE PRO A

18
Q

According to Article 5(1) of the GDPR, what are the obligations of data holders regarding the principles of storing personal data? Please outline the key requirements for how personal data must be handled.

A
  1. Lawfulness, fairness and transparency;
  2. Purpose limitation
  3. Storage limitation
  4. Data minimisation
  5. Accuracy
  6. Integrity and confidentiality
  7. Accountability

LFT
PL
SL
DM
AIA

19
Q

Under the UK GDPR and the Data Protection Act 2018, what are the maximum fines?

A

£17.5 million or 4% of the annual global turnover (whichever is higher)

20
Q

What does the Freedom of Information Act 2000 allow for?

A

Gives the public the right to request information held by public authorities

21
Q

What are the timescales associated with requests for information under the Freedom of Information Act 2000?

A

Public body must supply the information within 20 working days

22
Q

How can an FOI request be made?

A

Must be written - Letter, email, social media, online form, fax

23
Q

What are the reasons for refusing a request under the Freedom of Information Act 2000?

A
  1. Contrary to GDPR
  2. Prejudice criminal matter under investigation or a person’s commercial interest
  3. Too costly or too much staff time
  4. The request is vexatious (unreasonably troublesome)
  5. The request is a repeat of a previous one from the same person
24
Q

In what two ways does the Freedom of Information Act provide the public with access to information held by public authorities?

A
  1. The Act provides individuals or organisations with the right to request information held by a public authority.
  2. Information must also be published through the public authority’s publication scheme.
25
Q

What security measures can be implemented to safeguard data?

A
  1. Password Protection / Changing Password
  2. Locking laptop when away from desk
  3. Firewalls
  4. Two factor authentication
26
Q

What data is held in your office?

A

Employee Data - Individual information
Client Data - Leases, plans, deeds
Company Data - Accounts, TOE, Instructions

27
Q

What best practices would you recommend for effective data management?

A
  1. Regular Backups
  2. Ensure electronic signature cannot be altered (send PDF version)
  3. Data Encryption
28
Q

What is Encryption?

A

A process of converting data into a coded format, so that only authorised people with the correct key or password can read or access it. It helps protect sensitive information from being accessed by unauthorised individuals.

29
Q

What is a firewall?

A

A security system that monitors and controls incoming and outgoing network traffic. It acts as a barrier between your computer or network and the internet, blocking unwanted or harmful data while allowing safe data to pass through.

30
Q

What is Blockchain?

A

Blockchain is a digital system for recording transactions in a secure, transparent, and unchangeable way.

It works like a chain of blocks, where each block contains a list of transactions. These blocks are linked together and stored across multiple computers, making it difficult for anyone to alter the information without everyone else knowing. It’s commonly used for things like cryptocurrency and secure data management.

31
Q

What does disclosure mean?

A

Sharing of information with others

Before sharing information, you must be sure you have the right to disclose it and the person requesting it has the right to receive it.

32
Q

What is the purpose of the Commissioners for Revenue and Customs Act 2005 (CRCA)?

A

Ratepayer information is covered by the duty of confidentiality

33
Q

What does CRCA set the VOA’s statutory functions as?

A
  • Producing rating lists
  • Council tax valuation lists
  • Valuation of property
34
Q

How long can you store data for under the CRCA?

A

No time limit but needs to be Reasonable, Necessary and Proportionate

35
Q

What are the key principles set out in the CRCA 2005?

A
  • Reasonable
  • Necessary
  • Proportionate
36
Q

Which parts of the CRCA 2005 relate to your firm?

A

VOA - section 10
Disclosure - section 18
Criminal Offences - section 19

37
Q

What is a non-disclosure agreement?

A

Agreement between two or more parties to keep data/information confidential for a certain period under certain conditions.

38
Q

What is your firm’s data management strategy?

A

4 pillars
1. Data Foundations - data that is fit for purpose: held in the right formats, on the right systems, and of good quality.
2. Data Skills
3. Data Availability - data that is appropriately accessible to our customers, users across government, and beyond.
4. Data Responsibility - data that is always used responsibly, in a way that is lawful, secure, fair, ethical, sustainable and accountable

FRAS

39
Q

Types of data?

A

Qualitative - things
Quantitative - numbers

40
Q

What can you do to protect against a Data Breach?

A
  • VPN
  • Changing password regularly
  • Two factor authentication
  • Antivirus software
41
Q

What is the key difference between GDPR and DPA 2018?

A

GDPR looks to regulate personal data
vs
DPA 2018 goes further and regulates non-personal data

42
Q

How would you deal with a freedom of information request?

A
  • Check the request is made in writing (email/letter)
  • Check it includes the requester’s name and address and clearly describes the information wanted.
  • Forward request to FOI inbox team
43
Q

What is a Subject Access Request (SAR) under DPA 2018?

A

A written request to a company asking for access to the PERSONAL INFORMATION it holds on you.

44
Q

How would you deal with someone requesting to access their own personal information?

A

There is a deadline of one month to respond to the request. I would forward any request where a requester asks for their own information to the SAR inbox immediately by email.

If the request is part of an outstanding case, I would consider if it can be dealt with more appropriately as business as usual under CRCA.

A verbal request for property information cannot always be answered verbally. We may require verification of the person’s link to the property before deciding whether we can disclose the information.

45
Q

How do you validate information?

A
  • Cross check with another source
  • Call to get further information / confirm details
  • Adopt a common sense approach
46
Q

Name some benefits of cloud-based storage systems?

A
  • Information is backed up on an encrypted server
  • Cloud systems are often cheaper than the cost of physically storing and managing files
  • Environmentally friendly