DATA MANAGEMENT Flashcards
What is included in the Data Protection Act (2018)?
The Data Protection Act, 2018 aligns with the GDPR (General Data Protection Regulation) and includes provisions for:
1. Data Protection Principles: Outlines rules of processing data, such as fairness, lawfulness and transparency
2. Rights of Individuals: Includes rights to access their data, rectification and the right to erasure
3. Accountability and Governance: Organizations must take responsibility for how they process personal data, ensuring data protection measures are in place
4. Data Breach Reporting: Requires notification of breaches to the ICO (Information Commissioner’s Office) within 72 hours
5. Special Category Data: Additional protection for sensitive data, such as health or racial information
These provisions ensure personal data is processed legally and securely.
What is the UK General Data Protection Regulation (2021) and what is the significance?
The UK GDPR 2021 is the UK’s post-Brexit version of the EU GDPR, governing how organisations must process personal data. It ensures privacy and security for individuals’ personal data and includes penalties for non-compliance.
- Lawful, fair and transparent data processing
- Data minimisation, where only necessary data is collected
- Accountability, requiring organisations to demonstrate compliance
- Data Subject Rights, such as access rectification and erasure of personal data
The significance lies in ensuring privacy and security for individuals’ personal data, alongside strict penalties for non-compliance. It upholds trust in how data is managed across all sectors in the UK.
UK GDPR is covered by the Data Protection Act 2018
What to do if you breach GDPR?
Data security breaches need to be reported to ICO within 72 hours where there is a loss of personal data and a risk of harm to individuals.
What are the fines for breaching the requirement?
Fines can be up to 4% of global turnover of the company or £17.5 million, whichever is greater.
What did you learn in your CPD on Data Protection and Information Security?
I learnt about the importance of Data Security and measures to ensure compliance with UK GDPR and the Data Protection Act, 2018.
It is applicable in my day-to-day work as I am constantly working with data, internal and external databases and therefore it is important to understand the different measures that should be in place for different types of data.
For example, secured files, locking my laptop and keeping details confidential.
What are the Principles regarding data protection?
The UK GDPR sets out 7 key data protection principles: 1. Lawfulness, fairness and transparency, 2. Purpose limitation, 3. Data minimisation, 4. Accuracy, 5. Storage limitation, 6. Integrity and confidentiality, 7. Accountability.
What are an individual’s Rights regarding Data Protection under UK GDPR?
Under the UK GDPR, individuals have the following key rights: 1. Right to be informed, 2. Right of access, 3. Right to rectification, 4. Right to erasure, 5. Right to restrict processing, 6. Right to data portability, 7. Right to object, 8. Rights in relation to automated decision making.
Under the UK GDPR, individuals have the following key rights regarding data protection:
1. Right to be informed: individuals must be told how their data is collected and used
2. Right of access: They can request access to their person access (subject access requests)
3. Right to rectification: They can ask for inaccuracies in their data to be corrected
4. Right to erasure: Also known as the “right to be forgotten”, individuals can request deletion of their data
5. Right to restrict processing: They can limit how their data is used
6. Right to data portability: They can request their data in a machine-readable format to transfer to another service
7. Right to object: Individuals can object to their data being processed in certain situations, like direct marketing
8. Rights in relation to automated decision making and profiling: They can challenge decisions make without human intervention
These rights ensure individuals have control over how their personal data is handled.
How do you use data in your job?
I use data for running Comparable Schedules, using internal and external databases, and circulating information regarding deals.
How do you dispose of records on your firm’s Internal Systems?
To dispose of records on my firms internal system I would:
1. Retention Policies: Ensure the records meet the firm’s retention period, adhering to legal and regulatory requirements
2. Secure Deletion: Use secure methods such as data wiping tools to permanently remove electronic records, preventing any unauthorised recovery
3. Paper Records: For physical records, shredding or secure disposal methods should be employed
4. Audit Trail: Maintain an audit trail of records disposed, documenting the date and method of disposal
5. Confidentiality: Ensure disposal follows data protection regulations, such as the UK GDPR, to safeguard personal or sensitive information
These steps help manage data responsibly while minimising security risks
Is there a difference in how data is treated between internal and external data management systems?
Yes, internal systems have stricter access control, while external systems require compliance with external policies and legal frameworks.
What are the dangers of using information sources such as CoStar?
The information may not be verified and can be inaccurate or unreliable. Always confirm evidence with the relevant agent.
How do you ensure that information is stored securely and confidentially?
I use password protected files, disk encryption, regular off-site backups, anti-virus software, and firewalls.
How long should you hold data for?
Data should be held for 6 years.
What would you do if information was different on costar and internal?
I would contact the agent directly to ask them.
How do you ensure that the data in the market deal tracker is secure?
It is held within our firm’s internal system which is password protected and has restricted access to the team and certain individuals.
How did you validate external third-party sources?
I ensured to note down any agents that were listed on the data site so that I could call them afterwards to confirm the information I had gathered. It is important to verify information gathered from third-party sources.
How did you remove confidential deals?
On our internal system we are able to label confidential deals and as such I ensure that I remove these from any schedules I circulate to maintain confidentiality.
With deals where we have signed an NDA the system will not allow you to export this data into a schedule.
Can you ever disclose confidential information?
Must have the client’s permission and it depends on whether the deal must remain confidential.
However, it is good to share information regarding deals to promote transparency in the industry.
Why is it important to update information regularly in databases?
It is important to update information regularly in databases to:
1. Ensure Data Accuracy: Regular updates prevent outdated or incorrect information from being used.
2. Maintain Compliance: Keeping databases updated helps meet regulatory requirements.
3. Improve Efficiency: Up-to-date information allows teams to work more efficiently.
4. Reduce Risk: Outdated data can lead to contractual breaches, financial losses, or missed opportunities.
What’s included in a data room?
Leases, EPC, title, measured survey, capital expenditure, service charge.
Who has access to the data room?
Lawyers, client, and myself the agent. However, access is provided to interested parties.
What do you mean by document integrity?
All information is accurate and reliable. Only parties who have rights can edit.
