Data Management Flashcards
how can data be stored securely
technologies such as:
password protection
antivirus software protection
cloud storage
regular backups off site
multi-factor authentication
how do you comply with UK GDPR when dealing with mailing lists
Consent: Ensure members have opted into receiving communications like industry updates or event invitations.
Professional Updates vs. Marketing: Differentiate between updates directly related to professional obligations (legitimate interest) and promotional content (which requires consent).
Opt-Out: Provide clear options for members to opt-out or update their preferences at any time.
Use of Data Processors: If RICS uses email marketing platforms, ensure these platforms comply with UK GDPR rules.
what sorts of info does a firm retain in order to comply with other laws
what training have you undertaken
phishing emails - scams
cyber security month - help people promote how to store data - offer prizes
inductions - member of IT data security while working at Colliers
how do you check the reliability of the source of information and the risks attached?
should verify data through triangulation
triangulation - using multiple datasets, methods, theories and/or investigators to address a research question.
what is the freedom of information act
-Gives individuals the right of access to information held by public bodies
-The public body must tell any individual requesting sight of information whether it holds it
-Normally the public body is required to supply it in 20 working days in the format requested
-It can charge for the provision of the information
what is the GDPR
empower individuals to take control of how their data is used by third parties
what are the requirements of GDPR
data protection impact assessments for high risk holding of data
data security breaches need to be reported to ICO within 72 hrs where there is a loss of personal data and a risk of harm to individuals
fines of up to 4% global turnover of the company or £17.5m
what is the RICS professional standard for data management
data handling and prevention of cybercrime
what is GDPR and data protection act?
Rules were put in the Data Protection Act 2018
same rules
left EU GDPR in 2016 after Brexit
General Data Protection Regulation
empowers individuals to take control of how their data is being used by third parties
ICO
Information Commissioner's Office
governs and ensures businesses are adhering to the Data Protection Act
what to do if a client's data is breached?
see how far the breach has gone.
whenever in doubt, report to the ICO and look on the website, as there's a self-assessment page.
have to report to ICO within 72 hrs where there is a loss of personal data and risk of harm to individuals
what happens if you breach GDPR and the penalty?
up to 4% of global turnover or £17.5m (whichever is greater)
what are the individual rights under UK GDPR?
right to be informed
right to access
right to rectification
right to erasure
right to restrict processing
right to data portability
right to object
right to automated decision making and profiling
how does your company follow GDPR?
data controller decides how and why personal data is processed and is directly responsible for GDPR