Data Management Flashcards
How long should old files be held for on a client
6 years before being securely disposed of
What is the purpose of GDPR
Protect citizens' personal data
What constitutes personal data
Any information relating to a person that can be used to identify them
Such as name, photos, email address, bank details
Examples used in the property industry
Investor data
Valuation
Background checks by HR
Compliance checks
Data security technologies
Firewall and disaster recovery procedures
Password protection and use of anti-virus systems
Regular off-site backups
Disk encryption
… Essential that data is kept safe from corruption and that access is suitably controlled, ensuring privacy and protection
What legislation are you familiar with regarding data management
UK GDPR 2016 and Data Protection Act 2018
Who is responsible for GDPR compliance and for deciding how and why personal data is used
The data controller
Who do you report a data breach to
The Information Commissioner's Office (ICO), within 72 hours
Individual rights under GDPR
Right to be informed
Access
Rectification
Erasure
Restrict processing
Data portability
Object
Freedom of Information Act 2000
Gives individuals the right of access to any information held by public bodies
Exceptions include criminal matters under investigation and commercially sensitive info
7 key principles of data storage under UK GDPR
Lawfulness, fairness and transparency - process data legally, openly and honestly
Purpose limitation - use data only for clearly defined purposes
Data minimisation - collect only what's necessary
Accuracy
Storage limitation
Integrity and confidentiality - protect data from breaches
Accountability
Give an example of how Bradley Hall prevents data breaches
We have password-protected files and, when working from home and signing in from a separate internet connection, we need to connect to the Bradley Hall VPN
What information requires further security
Health records and bank details
What are the UK GDPR Regulations
The UK GDPR (General Data Protection Regulation) sets rules for processing personal data in the UK.
It is set out under the following headings
Data protection principles
Lawful bases for processing
Rights of data subjects
Accountability and governance
Security of processing
Data breaches
Penalties for non-compliance
What are the RICS guidelines on data storage
Confidentiality: Ensure all client and project data is securely stored and accessible only to authorized personnel.
Compliance: Adhere to relevant data protection laws (e.g., GDPR) and industry standards for secure storage and management.
Accuracy and Integrity: Maintain accurate records, ensuring data is not altered or corrupted during storage.
Retention: Store data for an appropriate duration in line with legal, regulatory, or contractual requirements, then securely dispose of it.
Security: Implement robust measures like encryption, password protection, and secure physical storage for hard copies.
Access Control: Monitor and control who can access stored data to prevent unauthorized use or breaches.
Disaster Recovery: Have plans in place for data backup and recovery to safeguard against loss from system failures or cyber-attacks.
Key differences between RICS guidelines and UK GDPR
RICS focuses on maintaining professional standards, whereas UK GDPR is a legal framework
UK GDPR applies to all organisations processing personal data
RICS guidelines focus on client confidentiality and ethical handling of all data types
RICS guidelines are not legally enforceable, although breaches may lead to disciplinary action
ANSWER: The RICS guidelines emphasise ethical professionalism and sector-specific best practice, whilst UK GDPR imposes legal obligations focusing on personal data and individual rights. RICS members must adhere to both.