Data Management Flashcards
What are the key principles of GDPR?
*Relates to personal data
*Should only be held with the opt in of the individual
*They have the right to access it, rectify it, erase it, right to be informed, right to object, right to data portability
*Applies to companies in the EU and those outside that offer services in the EU
*Must keep personal data accurate and up to date
*Can only be kept for the purposes it was collected for
*Should be erased as soon as it is not needed for those purposes
*Need a data controller who is responsible
*Must be kept secure
What are the penalties for noncompliance?
4% of global turnover or £17.5m, whichever is higher
How do you handle personal data in compliance with GDPR?
Keep data securely, get consent, erase it after it is no longer needed.
Who does GDPR apply to?
Applies to companies in the EU and those outside that offer services in the EU
How does GDPR affect what you do in your role at Bruntwood?
The main personal data I hold is contact details for clients and other consultants. I ensure this is stored securely in a password protected information system and I have their consent to email.
How do you know you have their consent to email them?
GDPR means you must have a valid legal basis for holding/processing personal data. There are 6 legal bases: consent, carrying out of a contract, legitimate interest, vital interest, legal requirement, public interest.
What specific types of data do you typically collect and store using systems like Google Drive, Viewpoint, and Salesforce?
We store various types of data, such as project information, project directories, contract documentation, and lease agreements. Salesforce is primarily used for managing internal project settings and customer information, while Google Drive and Viewpoint help store and share project-specific files.
How do you ensure that data stored in these systems is organised and easily retrievable?
We use standardised naming conventions and folder structures to ensure files are organised across the business.
Could you provide examples of how you use the solicitors’ online portal to manage build contracts and leases?
The portal allows us to upload, review, and securely store finalised contracts and lease documents.
What additional measures, besides passwords and firewalls, do you implement to ensure the security of these data management systems?
We enforce multi-factor authentication (MFA) for system access, conduct regular security audits, and limit user permissions based on roles.
Could you explain why GDPR compliance is critical in your business?
GDPR compliance is critical because it protects individuals’ rights, helps us avoid fines, and maintains trust with clients and stakeholders by demonstrating our commitment to data privacy and security.
What is the Data Protection Act 2018?
*Provides guidance and best practice rules for organisations to follow on how to use personal data.
*UK GDPR is covered by the Data Protection Act 2010
What are the 8 individual rights under UK GDPR?
Right to be informed
Right of access
Right to rectification
Right to erase
Right to restrict processing
Right to data portability
Right to object
Right to automated decision making and profiling
What is a firewall?
Creates a safety barrier between a private network and public internet
Does your firm provide you with any data protection training?
Regular training materials on our training platform, Kallidus, which informs us of any policy updates