Data Management Flashcards
What is data protection?
How personal data is collected, used + stored by companies, governments, authorities + services
What is personal data?
Information relating to an identified or identifiable person
Includes name, address, DOB, phone number, email address, location data
What is special category data?
Includes personal data about someone’s ethnic origin, political opinions, religious beliefs, health, sexual orientation
What is non-personal data?
Includes surveys, company registration numbers, generic email addresses + anonymised data
Why is data protection important?
To comply with legal obligations + avoid fines
To protect customers + employees from identity theft
To uphold company’s reputation
What key legislation relates to data protection in the UK?
Data Protection Act 2018
What is the Data Protection Act 2018?
UK law that governs how personal information is used by organisations, businesses + governments
UK’s implementation of GDPR + replaces DPA 1998
What is the purpose of the Data Protection Act 2018?
Controls how personal information can be used + right to ask for information about yourself
Who does the DPA apply to?
Data controllers + processors
What is the definition of a data subject?
Person whose data it is
What is the definition of a data controller?
Company or person who decides on data’s use
What is the definition of a data processor?
Whoever uses the data
What is UK GDPR and what does it stand for?
UK General Data Protection Regulation
Law designed to protect people’s personal data + privacy
Sets out how governments, companies + organisations can collect, store + use personal information
What is the purpose of UK GDPR?
Law that relates to processing of personal data
Sits alongside DPA 2018
When did the UK GDPR come into effect + who regulates it?
2021 (post Brexit)
Information Commissioner’s Office
What Act implemented GDPR in the UK?
DPA 2018
Who regulates GDPR in the UK?
ICO (Information Commissioner’s Office)
How have consent conditions been strengthened under UK GDPR?
Consent must be given in plain + clear language (best practice to give this in writing)
Ability to withdraw consent at any time
What is a Data Protection Officer?
Responsible for monitoring internal compliance + obligations for data protection
Only required for entities involved in large scale processing of personal data
What data is affected by UK GDPR + the DPA 2018?
Personal data
Sensitive personal data (including genetic + biometric data)
Electronic data
Manual data, e.g. business cards + written reports
Could you provide examples of data held by surveying practices?
Data relating to background checks by HR
Tenant information - personal details, lease agreement, payment history
Market data - information on property values + market trends
Client data - names, contact details, bank details
Maintenance records - records of maintenance requests, completed repairs
Who are the key persons outlined in the UK GDPR / DPA 2018?
Controller - decides how + why personal data is used
Processor - handles personal data on behalf of controller
Data officer - oversees data protection + ensures compliance with rules
What does the UK GDPR say about consent?
Sets high standard for consent
Consent must not be assumed
Pre-ticked boxes are banned
Consent requires clear action - needs to be documented
Customers are allowed to withdraw at any time
RICS best practice points for complying with GDPR?
Conduct a data review
Anonymise + encrypt data where possible
Understand data processing