Data Management

Question 1

What legislation refers to keeping data secure?

Answer 1

GDPR
Data Protection Act 2018

Question 2

How is the database used for effective data management?

Answer 2

Easy to use
Stores a large amount of information
Ability to redact personal data
Ability to extract large amounts of data for analysis
Allows management to assess stock condition and allocate resources as necessary
Check statutory compliance
Promotes trust with the public.

Question 3

How is the projects database used?

Answer 3

Records past, present and future projects
Records important information on the project such as start and finish dates, what the project covers and estimated costs
Links multiple assets
Allows all staff to see important information on the project.

Question 4

How is the repairs database used?

Answer 4

To allocate resources to appointments
To record and redact resident information
To manage statutory compliance

Question 5

How is the stock database used?

Answer 5

To record a large amount of information on an asset
To continuously update
Log statutory compliance
To save files, drawings
Photos and certificates
For anyone in the organisation to access to find out more information

Question 6

How have you used the database to support decision making?

Answer 6

Asset management surveys provide information on the condition of an asset
This is updated on the stock database
This allows for reactive repairs to be undertaken
This allows for management to look at the whole portfolio and determine where resources need to be allocated for larger project work

Question 7

What is GDPR?

Answer 7

The General Data Protection Regulations are a law that was created in the European Union to protect the personal data of citizens
It tells companies what they can & cannot do with personal data and how personal data can be used correctly and lawfully

Question 8

When did GDPR come into force?

Answer 8

25th May 2018

Question 9

How would you report a breach of data?

Answer 9

Within 72 hours to the Information Commissioner’s Office who will investigate.

Question 10

Who is a data controller?

Answer 10

The party that determines the purpose for processing data, how, why and the frequency.

Question 11

Who is a data processor?

Answer 11

Someone who processes data on behalf of the data controller.

Question 12

Who is a data subject?

Answer 12

A party that the data can identify.

Question 13

What does GDPR stand for?

Answer 13

General Data Protection Regulations

Question 14

What are the 7 principles of GDPR?

Answer 14

Lawfulness
Accountability
Accuracy
Security
Purpose limitation
Data minimisation
Storage limitation

Question 15

Fines when data is breached?

Answer 15

4% of annual turnover or EUR 20 million - whatever is greater.

Question 16

What are the storage principles for data?

Answer 16

Data kept for only as long as is necessary for its intended use
This can be achieved through organisations creating a data retention policy.

Question 17

What are the different types of special category/sensitive data?

Answer 17

Outlined under Article 9 of GDPR - there must be a lawful basis to capture and store this information

Race
Religion
Disability
Marital status
Biometric data
Genetic data
Political sway

Question 18

What is personal data?

Answer 18

Data that can identify someone, e.g. Address, name, number, ID number, email.

Question 19

How would you dispose of data?

Answer 19

Redact from online, shred confidential data.

Question 20

How is an organisation accountable within GDPR?

Answer 20

Organisations must take responsibility for their actions and how they comply with the GDPR principles
Appointment of data protection officers
Conduct Data Protection Impact Assessments
Be able to demonstrate compliance with GDPR

Question 21

Benefits of adhering to GDPR rules?

Answer 21

Build customer trust
Reducing data breaches
Increased accountability
Boost operational efficiency

Question 22

What is the Data Protection Act?

Answer 22

2018
UK interpretation of GDPR.
Ensuring data protection principles are followed when processing personal data.
Request personal data with subject access requests.

Includes:
Data breaches to be reported in 72 hours.
Larger fines - 4% of annual turnover or EUR 20 million, whatever is larger.
Data protection officer for 250+ employees.

Question 23

What is the Freedom of Information Act?

Answer 23

2018
Right for public access to information held by public authorities
Public authorities are obliged to publish certain information about their activities
E.g. Emails, CCTV, notes

Question 24

How to request information from public authorities?

Answer 24

Written FOI request
20 days to respond - under section 10 of the FOI Act
Forward onto FOI team ASAP
Identity must be established before personal data is given out
Can be refused if the data is likely to cause disruption - Section 14 of the FOI Act.
Anyone can make an FOI request, including individuals and organizations

Question 25

How does PCC keep information secure?

Answer 25

Document sensitivity labels
Virus protection
Cloud-based storage system with restricted access
Staff training.

Question 26

What is a subject access request?

Answer 26

Under the Data Protection Act 2018

Request for personal data a company holds on an individual

Response within 1 month

Anyone can make a SAR, including third parties on behalf of someone else

Question 27

What is data management?

Answer 27

Data management is the practice of collecting, organising, protecting, and storing an organisation’s data so that it can be analysed for decision making purposes.

Question 28

What is information governance?

Answer 28

Approach to how information is handled correctly and lawfully, processes in place for reporting and recording of data securely such as policies and training for staff.

Question 29

Importance of good data management practices within PCC?

Answer 29

Ensure statutory compliance
Allow for effective resource allocation
Ensures property is let to the most suitable tenant

Question 30

How do you deal with data in your role?

Answer 30

On a daily basis
Updating finances from project valuations
Deal with personal data to contact residents to make appointments. This information is disposed of to be in line with GDPR principles
Inputting statutory compliance information, such as FRA dates and actions.

Question 31

How do you analyse data?

Answer 31

In my role creating building safety cases I have to include data on statutory compliance.
I find this by extracting reports from the database and filter the data to show me the compliance figures.

Question 32

What rights does the data protection act give individuals?

Answer 32

o The right to access
o The right to be informed
o The right to rectification
o The right to erase
o The right to restrict processing
o The right to object use
o The right to data portability