Data Management

Question 1

What is GDPR?

Answer 1

General Data Protection Regulation

Question 2

What is the purpose of GDPR?

Answer 2

Protect citizens personal data

Question 3

What constitutes personal data?

Answer 3

Any information related to a person or ‘Data Subject’ that can be used to identify a person EG names, photo, email address, bank details etc

Question 4

Examples of personal data under GDPR that could apply to property companies?

Answer 4

Investor information, employee information, marketing, tenant, client information.

Question 5

To what organisations does GDPR apply?

Answer 5

All organisations of more that 250 employees

Question 6

What are penalties for GDPR breaches?

Answer 6

4% of annual global turnover or up to 20 million euros.

Question 7

What is the ‘right to access’ under GDPR? How would they do this?

Answer 7

Individuals have the right to obtain confirmation that their data is being processed, and access to their personal data

Through a SAR or Special Access request under Article 15 of of the UK GDPR Act. An individual can request a company provides any information a company holds on that person. The SAR does not have to be formally stated, it can be verbally or in writing or even on social media.

If someone makes a SAR, consult the Workman compliance team on the next steps. You can clarify the request and you can withhold information under certain reasonable grounds which must be stated.

Question 8

What is a breach notification under GDPR?

Answer 8

Need to report within 72 hours of becoming aware of breach

If breach high risk, then need to notify individual without delay

Question 9

How are data breaches typically discovered?

Answer 9

Access logs, reported thefts, lost equipment or data security incident, technology/systems audits

Question 10

How have consent conditions been strengthened under GDPR?

Answer 10

Consent must be given using plain and clear language

Must be as easy to withdraw consent as it is to give it

Question 11

What is ‘right to be forgotten’ under GDPR?

Answer 11

Under Article 17 of GDPR, individuals have right to have personal data erased in certain circumstances

Data no longer necessary

Data been processed unlawfully

Question 12

What is data portability?

Answer 12

Under Article 20 - Right for data subject to receive personal data concerning them which they have previously provided, and have it transmitted to another controller

Question 13

What is privacy by design?

Answer 13

Legal requirement under GDPR

Calls for inclusion of data protection from onset of designing systems, rather than as addition

Question 14

What is data protection officer?

Answer 14

An individual appointed to monitor internal compliance and advise on an organisations data protection obligations

Only required if organisation is public body, authority or carrying out certain type of processing activity

Question 15

Examples of data held by surveying practices?

Answer 15

Payroll and HR

Customer data for marketing

Emails and correspondence relating to clients and employees

Question 16

What are obligations imposed by GDPR?

Answer 16

Must have knowledge of data you store and process

Need to be able to provide information on how data is used and the rights of individuals regarding their data

Need to be able to demonstrate data is being managed in compliant manner

Must be able to delete every instance of an individuals data in compliance with ‘right to be forgotten’

Must keep data in format that allows portability to another data processor, should the need arise

Data must be securely stored with sufficient access controls and encryption where necessary

Question 17

Who regulates GDPR in the UK?

Answer 17

Information Commissioners Office - ICO

Question 18

RICS best practice points for complying with GDPR? How does Workman compl

Answer 18

Conduct data review

Anonymise data where possible

Encrypt everything where possible

Treat commercial data in same way as personal data, even though not covered by GDPR

Question 19

What are your companys policies for data protection breaches?

Answer 19

Report to line manager or Data Protection Officer/compliance team within the firm

Question 20

RICS recommendations for using confidential information?

Answer 20

Document purposes for which you are allowed to hold information

Keep record of consent for processing, storage and retention

Check if you have appropriate contractual clauses for use of information

Question 21

What information should be included in firms privacy notice?

Answer 21

What information you have

What the information will be used for

Which third parties information will be shared with

How long information will be stored for

What legal rights they have

Question 22

When did GDPR come into effect under the Data Protection Act 2018?

Answer 22

May 2018

Question 23

What are the 7 principles of Data Protection Act 2018? (AKA 7 principles of GDPR)

Answer 23

Lawfulness, fairness, transparency

Accuracy

Accountability

Purpose limitation

Storage limitation

Data minimisation

Integrity and confidentiality

Question 24

8 individual rights under GDPR?

Answer 24

Right to Information

Right to Access

Right to Rectification

Right to Erasure

Right to Restrict Processing

Right to Data Portability

Right to Object

Right to Automated Decision Making

Question 25

What was the Freedom of Information Act?

Answer 25

Came into effect in 2000

Allows an individual to request access to information held by a public body

Public body is required to provide that information (within 20 working days) in requested format

They can charge a fee for this

Question 26

What are the provisions of the Land Registry Act (2002)?

Answer 26

Provides a complete and accurate reflection of the state of the title of the land at any given time

Aim is to get all freehold land in England and Wales registered by 2030

Question 27

Disadvantages of the systems you use?

Answer 27

Rely on data input completed by others - human error

External systems - firm is not in control of security

Not user friendly and lots of staff training required!

Question 28

How do you comply with GDPR in your role? 

Answer 28

Don’t forward on email chains

Don’t share passwords or log ins

Wouldn’t sent an email to more than one tenant copied in, BCC.

Question 29

Give me an example of how you ensure that data is kept securely.?

Answer 29

Strong password protection

Firewall

Anti-virus software

Question 30

What is copyright? 

Answer 30

The exclusive and assignable legal right given to the originator for a fixed number of years, to print, perform, film or record literacy, artistic or musical material. 

Question 31

What does block chain mean?

Answer 31

Shared ledger system that facilitates process of recording transactions across a computer network

Question 32

What are the obligations under GDPR?

Answer 32

Need to have knowledge of data held and processed
Have the ability to delete data every instance of data on subject
Demonstrate data management compliance
Prove how data is used
Prove data portability (allow subject to reuse personal data for own purpose)

Question 33

Explain the growing use of AVMs in the industry?

Answer 33

Automated valuation models

• Speed, cost and removal of human errors
• Issue is that prop isnt inspected and lack of comparable data

Question 34

Can you give me some examples of reports that you run?

Answer 34

Arrears report
Tenancy schedules
Service charge analysis

Question 35

What is a firewall?

Answer 35

Computer network security system that restricts internet traffic

Question 36

Which records are manually kept in your office and why?

Answer 36

Financial records e.g. invoices and receipts - In case the system ever goes down

Question 37

Who is exempt from GDPR?

Answer 37

National security
Journalism (In some circumstances)
Law enforcement
Academic research
Public health

Each of these organisations have their own rules to follow

Question 38

Can you tell me how CCTV relates to GDPR and the principles that underpin it?

Answer 38

Data transparency - Lawful/fair
Purpose limitation - requires personal data to be collected
Storage limitation - Only retained for time period
Secured against unauthorised access - data controller etc

Question 39

How do you access and use your Data Management systems, such as HORIZON

Answer 39

Property Management System eg Horizon
1) Encrypted login
2) Two factor authentication
3) Search up property on system - go to data source needed e.g. invoice

Question 40

What is an electronic document management system?

Answer 40

Workman use EFS - Electronic Filing System

Question 41

What are the limitations of secondary data sources?

Answer 41

No control on what is contained in data
Lack of confidence could be wrong and inaccurate - validity
above link to GDPR

Question 42

How do you comply with GDPR in your role?

Answer 42

Report breaches
Do not give out personal info
Keep records of data consent
Ensure info held is in line with GDPR

Question 43

Can you tell me about the retention of files and limitations act 1980?

Answer 43

Sets out how long business should keep documents
for. States legal action must be brought within 6 years of issue arising

Question 44

What is BIM and how can it be used?

Answer 44

Building information modelling
- Generate and manage digital representations of elements of a building e.g. project planning and historic preservation

Question 45

Explain how the H&S updates you make ensure you can monitor compliance on Meridian and Quooda?

Answer 45

Time stamped record of actions completed and comments made as well as who made them

See when risk assessments run out - Instruct

Question 46

Can intellectual property be transferred?

Answer 46

Yes - Written agreement e.g. contract/assignment

Question 47

What are CPSES?

Answer 47

Commercial Property Standard Enquiries

Question 48

What constitutes personal data?

Answer 48

Any info relating to identified person

Question 49

How is data managed on the Tramps (Horizon + Sharepoint) platform?

Answer 49

Collaboration and sharing between different teams
within businesses (and between business)

Only authorised users can access certain files

Audit trails document activity

Question 50

How does your firm ensure property management systems are correct?

Answer 50

Property managers can view certain information on the property management system but they cannot alter anything

For any changes, they must submit a data input form which must be signed off by an associate or higher. The data input controllers can only input what is on the forms.

Client accountants can make some changes to the property management system but most changes require the data input controllers

Any changes have a digital receipt which shows who made a change and when.

Question 51

How does Workman ensure confidential information is kept secure?

Answer 51

The compliance team operate a red, amber, green system.

Red - document is marked as confidential and cannot be shared externally or edited

Amber - Internal firm wide documents eg detailing Workman policy - only Workman user accounts may access them and they will be rejected if shared to external recipients. Workman used Azure Information Protection (AIP) to track and encrypt documents

Green - Documents can be shared freely