Data Management Flashcards
How long do you need to keep data for?
• 6 years if the contract is signed under hand.
• 12 years if the contract is signed as a deed.
• RICS recommends up to 15 years; this is the limitation period for most legal claims.
What type of data systems are used in your organisation?
• Shared hard drives.
• Backup servers.
• Online storage systems such as Dropbox.
• Software such as Microsoft Teams.
• Project extranet.
What are the benefits of cloud-based storage systems?
• Easy access anywhere in the world.
• Secure / password protected.
• Low set up cost.
• Teams can work in ‘real time’.
• Access control / restrictions are available for confidential files and folders.
What is BCIS?
• Building Cost Information Service.
• Provides cost and price data for the UK construction industry. The data will help to produce specific estimates for option appraisals, provide early cost advice, and plan costs and benchmarks.
• Part of RICS.
What is the Data Protection Act 2018?
• The Data Protection Act 2018 controls how your personal information is used by organisations, businesses, or the government.
• It is the UK’s implementation of the General Data Protection Regulation (GDPR).
What is GDPR?
• GDPR is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area.
• It also addresses the transfer of personal data outside the EU and EEA areas.
What is the purpose of GDPR?
• GDPR was designed to harmonise data privacy laws across all member countries as well as provide greater protection and rights to individuals.
• GDPR was also created to alter how businesses and other organisations can handle the information of those that interact with them.
• There is the potential for large fines and reputational damage for those found in breach of the rules.
Who are the key persons outlined within GDPR?
• Data Controller: Decides how and why to collect and use the data. Ensures that data processing complies with data protection law.
• Data Processor: A separate person who processes data on behalf of the controller and in accordance with their instructions.
• Data Subject: The individual whom the personal data is about.
• Data Protection Officer: Ensures compliance with the data protection regulations without replacing the functions carried out by the supervisory authorities.
What constitutes personal data?
• Any information related to a natural person or ‘Data Subject’ that can be used to identify the person directly or indirectly.
• This can include a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
• The legislation applies not only to electronic data but also to any records that are stored in a form that is easily searchable.
What is the difference between a data processor and a data controller?
• Controller: Determines the purposes, conditions, and means of processing personal data.
• Processor: An entity that processes personal data on behalf of the controller.
What are the 7 key principles of GDPR?
- Lawfulness, fairness, and transparency.
- Purpose limitation.
- Data minimisation.
- Accuracy.
- Storage limitation.
- Integrity and confidentiality (security).
- Accountability.
What are the 8 individual rights under GDPR?
- To be informed.
- To access.
- To rectification.
- To erasure.
- To restrict processing.
- To data portability.
- To object.
- To automated decision-making and profiling.
Who enforces GDPR?
• The Information Commissioner’s Office.
What is the Freedom of Information Act 2000?
• Provides public access to information held by public authorities.
• It does this in two ways:
1. Public authorities are obliged to publish certain information about their activities.
2. Members of the public are entitled to request information from public authorities.
If you intend to destroy a document, what things should you consider beforehand?
• Is the document an original contract/legal document?
• Could the document be required for litigation or other proceedings?
• Does the document relate to a live project?
• Is a backup copy available?
What measures could be taken to protect commercially sensitive information?
• Have a non-disclosure agreement in place.
• Physical separation of staff.
• Security of stored documentation, including locked filing cabinets and password-protected servers.
Are there any ways that we can protect data when we are transferring it on a client’s behalf?
• Encryption and password locking.
• Recorded special delivery.
• Mark it as confidential.
• Using secure networks and software.
What is an information barrier?
• A physical and/or electronic separation of individuals within the same firm.
• The aim is to protect confidential information.