Data Management Flashcards
(25 cards)
What are Ballymore’s data protection protocols?
- Regular anti-virus & software updates
- Staff training with fake Phishing emails
- VPN & two-factor authentication requirement when working remotely
Why is data protection important?
- Leaked information could be costly to the business (sensitive information)
- Damage reputation
What is a VPN, and how does it work?
A service that creates a secure and private connection between your device and the internet
- Hides IP address, protecting personal information
- Encrypts data, securing remote Wi-Fi usage
What is UK GDPR, and what is its purpose?
UK legislation that controls how personal information is used.
The UK GDPR is the UK’s version of the EU GDPR, and sets out the fundamental principles and rights related to data protection.
Sits alongside the UK Data Protection Act (2018)
- Aims to empower individuals to take control of how their data is used by third parties.
- It gives people rights to be informed about how their personal information is used.
Difference between UK GDPR and DPA 2018
GDPR provides a unified data protection framework across the EU, while the Data Protection Act tailors GDPR principles to UK law, with specific national adaptations.
While both GDPR and DPA aim to protect personal data, the DPA incorporates additional layers and exceptions that reflect the legal and societal needs of the UK.
(e.g. how UK law enforcement handles data)
DPA sets the framework for how UK GDPR is enforced, including penalties for non-compliance.
DPA minimum consent age = 13
What is the Data Protection Act (2018), and what is its purpose?
UK law that sets out the framework for how personal data is processed and protected.
The DPA 2018 supplements the UK GDPR by providing further detail, clarity, and exceptions (e.g. national security), and extends data protection laws to activities that are expressly excluded from the UK GDPR.
Purpose = to protect individuals’ personal data and ensure it is used lawfully and transparently.
- Controls how your personal information is used by organisations, businesses or the government
What are the Individuals’ rights under GDPR (8)?
- Right to be Informed: Individuals have the right to know how their data is being used.
- Right of Access: Individuals can request access to their personal data.
- Right to Rectification: Individuals can request corrections to inaccurate or incomplete data.
- Right to Erasure: Also known as the “right to be forgotten,” individuals can request deletion of their data under certain circumstances.
- Right to Restrict Processing: Individuals can request that their data be processed only under specific conditions.
- Right to Data Portability: Individuals can obtain and reuse their personal data for their own purposes across different services.
- Right to Object: Individuals can object to the processing of their data for certain reasons, including direct marketing.
- Rights Related to Automated Decision-Making and Profiling: Individuals have rights concerning decisions made without human intervention, particularly those that significantly affect them.
What are some of the principles of the UK GDPR?
- Used fairly, lawfully and transparently
- Used for specified, explicit purposes
- Used in a way that is adequate, relevant and limited to only what is necessary
- Accurate and, where necessary, kept up to date
- Kept for no longer than is necessary
- Handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage
How would you go about organising and storing data to ensure compliance with the Data Protection Act (2018)?
- Classify data by sensitivity
- Use secure, encrypted storage
- Ensure access is restricted to authorised individuals
- Regularly review and delete data that is no longer necessary
What is BIM, and how can it be used?
- Digital process that integrates multi-disciplinary data on a project
- BIM data can be used throughout the lifecycle of a building, from design and construction to operation and maintenance, ensuring efficient management of the asset
Benefits/disadvantages of BIM?
- Reduce human error & save time
- Real-time updates when design changes
- However, high initial cost with software and training
How would you respond if you suspected a data breach in your firm?
- Report to the Data Protection Officer.
- Investigate the breach to understand its scope, and work to contain it
- Notify affected individuals/regulatory bodies – Notify ICO within 72 hours
How would you ensure that data being shared externally complies with data protection regulations?
- Anonymise/encrypt data.
- Use clear data-sharing agreements.
- Obtain necessary consents - only share with authorised third parties
Compliance with company policies and relevant data protection laws is key.
Give me a key difference between DPA 2018 and GDPR
- The minimum age of consent for processing a person’s data is 13 years old in the UK under the DPA, and 16 years old in the GDPR.
Who oversees Data privacy compliance in the UK?
- The Information Commissioner’s Office (ICO)
What are the penalties for breaching the DPA?
- Fines up to £17.5 million or 4% of global turnover (whichever is higher).
- Reputational damage and loss of trust.
What is the Freedom of Information Act 2000?
- Law that provides public access to information held by public authorities.
- Individuals can request information, subject to certain exemptions.
What is an NDA used for and how long is it active for?
- A legal contract that protects confidential information.
- Prevents parties from sharing sensitive information with unauthorised individuals or entities.
- Typically 3-5 years (governed by contract)
Provide some examples of types of data held by surveying practices that are covered under GDPR?
- Data held to help service a Client (accounting info, compliance systems)
- Emails and other correspondence
- Other physical records held on file
- Customer data held for marketing purposes
How do you comply with GDPR in your role?
- I report suspected breaches (affected bodies immediately and 72 hours ICO - penalty = £17.5 million/4% annual turnover)
- I implement measures to ensure that my laptop is secure (2-factor auth) to help ensure data is processed securely and to prevent unauthorised access and data breaches
- I do not give out confidential or personal information
- I keep records of consent for processing, storing and retaining data
Can you give an example of where you use GDPR?
In my role I personally am not involved with the processing of 3rd party data.
I am aware that S&M process personal data, i.e. if someone opts in for marketing of new projects, we will not share this information with third parties unless consent is provided (intended use)
What kind of personal data do you currently handle?
Vouchers
- I ensure that it is only used for the purposes intended (i.e. to send the vouchers to)
- Do not share this with 3rd parties
- Do not send them anything else unless they have provided consent
Work E-mails
Even if it’s a work email, if it relates to a natural person, it falls under GDPR.
What is personal data?
Any information relating to an identifiable natural person
What are cookies?
- Small text files that websites store on your device when you visit them.
- They help websites remember information about you, like your preferences or what you’ve put in your shopping cart, without you having to re-enter it every time