Data Management Flashcards
Why are diaries important in data?
Diaries can provide key dates for property management systems, e.g. rent collection, rent review notices, insurance renewals, regular inspections, repairing obligations, break clauses, etc.
Define triangulation?
Using multiple sources or methods to validate data and ensure reliability.
Why should you implement triangulation when managing data?
Reduces bias, improves accuracy, and gives more confidence in your findings.
Provide an example of triangulation?
Within my portfolio analysis for the Midlands, I exercised triangulation by reviewing paper copies held on file within the office, speaking with the client’s solicitor to confirm, and speaking with any tenants to discuss upcoming clauses.
What are the 3 key roles outlined in UK GDPR?
- Controller
- Officer
- Processor
What is a data controller?
The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
What is a data processor?
A natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
What is a data officer?
Assist you to monitor internal compliance, inform and advise on your data protection obligations, provide advice regarding Data Protection Impact Assessments (DPIAs) and act as a contact point for data subjects and the Information Commissioner.
Where does your company store its data?
Cloud-based system.
Where are your servers kept?
For the Savills Birmingham Office specifically, all of the servers are in the Birmingham Comms Room, however all the administration associated with auditing the data is completed by the London Team, out of their London Office.
How do you set up a data room?
What are the principles of GDPR?
- processed lawfully, fairly, and transparently.
- collected for specific, legitimate purposes (not to be used outside of their purposes)
- adequately limited for necessity to the purposes
- kept up to date and accurate
- formatted in a form which permits identification of data subjects for no longer than is necessary
- processed with appropriate security and protection, including protection against accidental loss or damage.
- The controller is responsible and able to demonstrate compliance.
What are the Individual Rights under UK GDPR?
Right to:
- Be Informed
- Access
- Rectification
- Erasure (sometimes known as forgotten)
- Restrict processing
- Data portability
- Object
- Automated decision making and profiling
Why are the Individual Rights under UK GDPR important?
What is a Data Subject?
The individual/party whose data is being stored or processed.
What do you understand about Data Retention?
Firms require a retention policy for the safe keeping of files.
What is Savills Data Retention Policy?
Tell me about the Retention of Files and Limitations Act, 1980?
This act sets out time limits for data retention periods. The timings depend on the document type, with most needing to be retained for 6 years. There are exceptions to this; for example, a deed needs to be held for 12 years.
How do you safely archive data?
Once the data has passed its required retention period it should be securely disposed of by:
- Permanent deletion
- Wiping software
- Digital shredding
- Physical shredding
- Degaussing hardware
- Using secure bins for sensitive information
You should then log the deletion activities in an audit log to confirm disposal. Then, if an individual exercises the right to erasure under GDPR UK, evidential records can be provided.
How frequently do you audit data?
The frequency of an audit should be tailored to the type of data being audited, specifically considering its criticality, risk exposure and regulatory requirements.
For example, high-risk data such as AML documents may require continuous review to ensure they are present, completed, and compliant.
However, low-risk data such as anonymous survey responses may be audited on a lower frequency (e.g. annually).
What is data auditing?
A structured review of data sets to ensure the information is accurate, complete, and compliant with internal and regulatory standards.
How quickly do data breaches need to be reported to the ICO?
Within 72 hours where there is a loss of personal data and a risk of harm to individuals.
What are the penalties associated with a data breach?
The greater of either:
- 4% of global turnover of the company or
- £17.5 million
Who is responsible for completing a data audit?
The data controller is the main party responsible for GDPR and must ensure data audits are carried out. If a company appoints a Data Protection Officer, they may also monitor the compliance.