Data Management Flashcards
Which body is responsible for enforcing GDPR?
Information Commissioner's Office (ICO)
What does the Freedom of Information Act enable?
Public right of access to information held by public authorities.
How do you ensure that data kept on your clients is kept secure and confidential?
Limit access to sensitive data using smart passwords.
Use antivirus protection.
Use a dedicated server.
Stay on top of security updates.
How long do you keep company data?
It is a requirement of our PII insurance that all information should be kept for 6 years.
I am aware of the Limitations Act to claims which can be brought about up to 15 years after the act of negligence.
Can you expand on what BCIS is?
Build Cost Information Service, a database that provides construction cost data.
What are the benefits of using external data sources such as BCIS?
Industry-wide data
Standardisation
Data management
What are the limitations of BCIS?
It’s data collated from historic projects and therefore the information is old, especially in volatile economic climates. The tender price index can be used to adjust costs accordingly, but even quarterly updates are not quick enough to keep up with inflation and cost rises at present.
What does GDPR stand for?
General Data Protection Regulation
When did GDPR come into effect?
New rules relating to how we collect and process personal data - EU GDPR rules came into effect in May 2018.
What happens if you do not meet requirements? (GDPR)
- £17.5 million or 4% of the total annual worldwide turnover in the preceding financial year, whichever is higher
Have you completed training on GDPR?
Yes
What legislation covers data protection in the UK?
Data Protection Act 2018 and UK GDPR
What are the 7 principles of GDPR?
1. Lawfulness, Fairness and Transparency
2. Purpose Limitation
3. Data minimisation
4. Accuracy
5. Storage Limitation
6. Integrity and confidentiality
7. Accountability
What should you do if there is a data breach?
Inform the Information Commissioner's Office no later than 72 hours after becoming aware of it.
What are the GDPR rights?
Right to be informed
Rights of access
Right to rectification
Right to erase
Right to restrict processing
Right to data portability
Right to object
Rights in relation to automated decision making and profiling.
What is the Data Protection Act 2018?
The Data Protection Act 2018 controls how your personal information is used by organisations, businesses or the government
Why do the General Data Protection Regulations 2018 exist?
To control how your personal information is used by organisations, businesses or the government
What type of breaches are there under the GDPR?
Disclosure
Destruction
Alteration
How have you changed the way you managed data whilst working remotely?
1) Only allowed to use work equipment
2) Storage of files/documents to be locked away
3) Regular updates on and password protected equipment.
What is a project extranet?
Essentially it is a system that allows individuals outside the company to view project files on a secure platform.
What are ISO standards?
International Organisation for Standardisation.
What is the Limitations Act 1980?
It is a statute of limitation which provides timescales within which action may be taken for breaches of the law.
Give me examples of data you manage?
Client details
Finances
Contact details
Project details
Complaints
What is personal data?
Personal data only includes information relating to natural persons who:
Can be identified or are identifiable directly from the information in question.
Who can be indirectly identified from the information in combination with other information.
Personal data may also include special categories of personal data or criminal conviction and offence data.
What is the process if there is a data breach?
If there is a breach an organisation must:
1. Report the breach to the International Commissioners Office within 72 hours of being aware of the breach.
2. If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, you must also inform those individuals without undue delay.
3. You must also keep a record of any personal data breaches, regardless of whether you are required to notify.
Why is it important that we safeguard information?
As personal data can be used in various ways
What kind of information is sensitive?
Health records, financial information, address, education records.
How do you ensure the data that you hold on your clients is kept secure and confidential?
* We use an online system to carry out checks
* Operate a clear desk policy
* Shredding of details etc
* Two factor authentication of IT systems
How long do you keep client’s data and how do you ensure it is deleted when necessary?
Dependent on the type of data and the contract
* Under hand - 6 years
* Under deed - 12 years
* Limitations Act - 15 years
What is personal information?
* Address
* DOB
* Bank details
What is copyright?
Copyright is an intellectual property right assigned automatically to the creator.
It prevents unauthorised copying and publishing of an original work.
Tell me about data sources used in your instruction?
Nimbus, Land Stack, CoStar, Land Reg, BCIS
Why is the Data Protection Act 2018 important and what are the key points?
It is UK legislation which controls how personal data is used by organisations, businesses or governments.
Lawfulness, fairness and transparency.
Purpose limitation.
Data minimisation.
Accuracy.
Storage limitation.
Integrity and confidentiality (security)
Accountability.
What is the difference between the Data Protection Act and GDPR?
GDPR is Europe-wide and the Data Protection Act is just UK.
The GDPR provides a detailed framework with guidelines and requirements. The DPA provides additional specifics to accommodate the UK’s legal system.
The GDPR imposes higher fines than the DPA. The GDPR’s maximum fine is €20 million or 4% of a company’s global turnover, whichever is higher. The DPA’s maximum fine is £17.5 million or 4% of global turnover.
What are the problems with using BCIS?
The largest companies don’t feed into it, there is a lack of data in certain locations, it is not always clear what is included in or excluded from the contracted price, and the data is out of date.