Data Management

Question 1

Which body is responsible for enforcing GDPR?

Answer 1

Information Commisioners Office (ICO)

Question 2

What does the Freedom of Information Act enable ?

Answer 2

Public right of access to information held by public authorities.

Question 3

How do you ensure that data kept on your clients is kept secure and confidential?

Answer 3

“Limit access to sensitive data using smart passwords.
Use antivirus protection
Use a dedicated server stay on top of security updates”

Question 4

How long do you keep company data ?

Answer 4

“It is a requirement of our PII insurance that all information should be kept for 6 years.
I am aware of the limiations act to claims which can be brought about up to 15 years after the act of negligence. “

Question 5

Can you expand on what BCIS is ?

Answer 5

Build Cost Information Service, a database that provides construction cost data.

Question 6

What are the benefits of using external data sources such as BCIS?

Answer 6

“Industry wide data
standardisation
data management.”

Question 7

What are the limitations of BCIS?

Answer 7

It’s data collated from historic projects and therefore the information is old, especially in volatile economic climates. The tender price index can be used to adjust costs accordingly, but even quarterly updates are not quick enough to keep up with inflation and cost rises at present.

Question 8

What does GDPR stand for?

Answer 8

General Data Protection Regulation

Question 9

When did GDPR come into effect?

Answer 9

New rules relating to how we collect and process personal data - EU GDPR rules came into effect in May 2018.

Question 10

What happens if you do not meet requirements ? (Gdpr)

Answer 10

• £17.5 million or 4% of the total annual worldwide turnover in the preceding financial year, whichever is higher

Question 11

Have you completed training on GDPR ?

Answer 11

Yes

Question 12

What legislation covers data protection in the UK?

Answer 12

Data Protection Act 2018 and UK GDPR

Question 13

What are the 7 principles of GDPR?

Answer 13

“1. Lawfulness, Fairness and Transparency
2. Purpose Limitation
3. Data minimisation
4. Accuracy
5. Storage Limitation
6. Integrity and confidentiality
7. Accountability
“

Question 14

What should you do if there is a data breach ?

Answer 14

Inform the Information Commissioners Office no later than 72 hours after becoming aware of it.

Question 15

What are the GDPR rights ?

Answer 15

“right to be informed
rights of access
right to rectification
right to erase
right to restrict processing
right to data portability
right to object
rights in relation to automated decision making and profiling.”

Question 16

What is the Data Protection Act 2018?

Answer 16

The Data Protection Act 2018 controls how your personal information is used by organisations, businesses or the government

Question 17

Why do the General Data Protection Regulations 2018 exist?

Answer 17

To control how your personal information is used by organisations, businesses or the government

Question 18

What type of breaches are there under the GDPR?

Answer 18

“Disclosure
Destruction
Alteration”

Question 19

How have you changed the way you managed data whilest working remotely ?

Answer 19

1) Only allowed to use work equiptment, 2) Storage of files/documents to be locked away
3) Regular updates on and password protected equiptment.

Question 20

What is a project extranet ?

Answer 20

Essentially it is a system that allows individuals outside the company to view project files on a secure platform.

Question 21

What are IOS standards

Answer 21

International Organisation Standardisation.

Question 22

What is the Limitations Act 1980?

Answer 22

It is a statue of limitation which provides timescales within which action may be taken for breaches of the law.

Question 23

Give me examples of data you manage ?

Answer 23

“Client Details
Finances
Contact details
Project details
Complaints.”

Question 24

What is personal data ?

Answer 24

“Personal data only includes information relating to natural persons who:
Can be identified or are identifiable directly from the information in question.
Who can be indirectly identified from the information in combination with other information.
Personal data may also include special catagories of personal data or criminal conviction and offence data.”

Question 25

What is the process if there is a data breach ?

Answer 25

“If there is a breach an organisation must:
1. Report the breach to the International Commissioners Office within 72 hours of being aware of the breach.
2. If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, you must also inform those individuals without undue delay.
3. You must also keep a record of any personal data breaches, regardless of whether you are required to notify.”

Question 26

Why is it important that we safeguard information?

Answer 26

As personal data can be used in various ways

Question 27

What kind of information is sensitive ?

Answer 27

Health records, financial information, address, education records.

Question 28

How do you ensure the data that you hold on your clients is kept secure and confidential?

Answer 28

”* We use an only system to carry out checks
* Operate a clear desk policy
* Shredding of details etc
* Two factor authentication of IT systems”

Question 29

How long do you keep client’s data and how do you ensure it is deleted when necessary?

Answer 29

“Dependent on the type of data and the contract
* Under hand - 6 years
* Under deed - 12 years
* Limitations act – 15 years”

Question 30

What is personal information?

Answer 30

”* Address
* DOB
* Bank details”

Question 31

What is copyright?

Answer 31

Copyright is an intellectual property right assigned automatically to the creator.

It prevents unauthorised copying and publishing of an original work.

Question 32

Tell me about data sources used in your instruction?

Answer 32

Nimbus, land stack, costar, land reg, bcis

Question 33

Why is the Data Protection Act 2018 important and what are the key points?

Answer 33

Is uk legislation which controls how personal data is used by organisations, businesses or governments. Lawfulness, fairness and transparency.
Purpose limitation.
Data minimisation.
Accuracy.
Storage limitation.
Integrity and confidentiality (security)
Accountability.

Question 34

What is the difference between the data protection act and GDPR ?

Answer 34

GDPR is european wide and Data Protection Act is just UK.
The GDPR provides a detailed framework with guidelines and requirements. The DPA provides additional specifics to accommodate the UK’s legal system.
The GDPR imposes higher fines than the DPA. The GDPR’s maximum fine is €20 million or 4% of a company’s global turnover, whichever is higher. The DPA’s maximum fine is £17.5 million or 4% of global turnover

Question 35

What are the problems with using BCIS

Answer 35

The largest companies don’t feed into it, lack of data in certain locations, contracted price not always clear what is included excluded and out of date