Data management Flashcards
Can you name the recently introduced regulations set out to control how companies manage data they hold?
The General Data Protection Regulation 2016
-EU’s legislation that governs how personal data is handled
Can you name legislation this is supported by?
The data protection act 2018
How does GDPR affect your working activities?
I apply the Data Protection Act 2018 in my daily work by ensuring that I handle personal data in accordance with the principles of the Act. This includes:
Notifying individuals about how their personal data will be used and stored
Ensuring that personal data is accurate and up-to-date
Storing personal data securely, using encryption and access controls as necessary
Only collecting and processing personal data that is necessary for the purposes of the project
Ensuring that personal data is not shared with third parties without the individual’s consent
Can you name any of the principles covered in the Data Protection Act 2018?
- Used fairly, lawfully and transparently
- Used specific, explicit for the purposes as intended
- Used in a way that is adequate, relevant and limited only to what is necessary
- Kept no longer than is necessary
How does CBRE comply with GDPR?
- Only collect data for a specific purpose
- Kept in a safe location
- Kept accurate and up to date
- Has a data protection officer (DPO)
What is meant by ‘to be forgotten’?
- It is one of the fundamental rights introduced by GDPR
- Allows an individual to request removal of their data on databases under specific circumstances
- When they withdraw consent
- When storage of their data is no longer required
How do would you deal with cyber security at home or hybrid working?
- Ensure laptop and phones have passwords
- Microsoft two factor authentication on my phone for logging into outlook or Microsoft apps
- Use a secure WiFi connection at home and at work
- Antivirus software on my laptop
- Remote access policies
What are current challenges that Covid and or Brexit is bringing to data management?
- UK organisation must navigate new data transfer mechanisms to ensure compliance with EU data protection laws, while EU organisations may face additional regulatory hurdles when transferring data to and from the UK
- Hybrid working - need to increase cyber security and ensure data is protected
What are 7 key principles under GDPR?
- Lawfulness, fairness and transparency.
- Purpose limitation.
- Data minimisation.
- Accuracy.
- Storage limitation.
- Integrity and confidentiality (security).
- Accountability.
What are the 8 individual rights under GDPR?
- To be informed
- To access
- To rectification
- To erasure
- To restrict processing
- To data portability
- To object
- To automated decision making and profiling
How long do you need to keep data for?
- 6 years if contract is signed under hand
- 12 years if contact is signed under deed
- RICS recommend 15 years, as this is the end of the limitation period
What type of data systems does CBRE use?
- Cloud based transfer
- Microsoft one drive
- Back up server
- For Common data environments I used AutoDesk Construction Cloud
What are the key persons identified in GDPR?
- Data Controller
- Data Processor
- Data Subject
- Data Protection Officer
Who enforces GDPR?
The Information Commissioner’s Office (ICO)
What are are the fines of Non Compliance with GDPR?
£17.5 million fine or 4% of annual turn over, whichever is greatest
What is an information barrier?
A physical or electronic separation between individuals within the same firm to protect confidential information
When does the Data Protection Act apply?
If you are collecting personal data for an organisation
Who is the data controller?
The organisation processing the information
What would you do in the event of a data breach?
Contract IT
Inform line manager
Notify ICO within 72 hrs
What is the difference between GDPR 16 and DPA 18?
GDPR states that a child can consent to data processing at 16, DPA is 13
GDPR gives people the right to automated decision making. DPA allows automated decision making if there are valid reason for it.
What is the 3-2-1 backup rule?
3 copies of data - Create 3 copies of your data ie original and 2 back ups.
2 media types - Hard drive and CBRE secure server
1 offsite copy - CBRE secure server
Which legislation gives individuals the right to access any information held by public bodies?
Freedom of information Act 2000
Are there any exemption to the FIA 2000?
Only information that would prejudice a criminal matter or break GDPR requirments is not allowed.
What must companies do to comply with the Data Protect Act 2018
Register with the information commissioners office (ICO) and pay an annual fee
How do you ensure confidentiality of clients data?
Data is handled in accordance with the Data Protect act 2018
- I follow the guidance on CBRE best practice documents
- Only collecting and processing personal data that is necessary for the purposes of the project
- Ensuring that personal data is not shared with third parties without the individual’s consent
- Pointcloud data for example is kept for retention for 6 years
What does the Freedom of Information Act 2000 require of public bodies?
A public body must tell anyone who asks where it holds the requested information.
The public body usually has to provide the information within 20 working days and in the format requested.
The public body can charge a fee for providing the information.
What are the RICS Data Standards, 2018?
Set of stabdards ti suppoort the capture, verifcation and sharing of data in a common format
They address issues of digital data consistency
What data are the RICS Data Standards, 2018 already available for?
International Property Measurement Standards (IPMS)
What is included in a Land Registry title register?
A: Property Register - description of the property, tenure, the data the property was first registered and any rights it may benefit from e.g. private right of way
B: Proprietorship register - name and address of the current owner, when they bought the property, how much was paid for it (if sold since 1 April 2000), any restrictions that limit power of the owner and the class of the title
C: Charges register - mortgages and other financial burdens received on the property. Other rights or interest that limit how the land or property can be used e.g leases, rights of way or covenants
What is ‘personal data’ as defined by GDPR?
as any information relating to an identified or identifiable natural person (referred to as a “data subject”). This means any piece of information that can directly or indirectly identify a person.
What is a SAR?
Subject access request
- Gives individuals rights to request any ‘personal data’ held on them. This right is a principle of GDPR
What is SOC2?
SOC 2 stands for System and Organization Controls 2. It was created by the American Institute of Certified Public Accountants (AICPA) as a way to help organizations verify their security and reduce the risk of a security breach.
What UK Security Standards adopt when consider Data Management Strategy?
ISO 27001
This standard provides a framework for establishing, implementing, maintaining, and continually improving ISMS. It outlines a risk management process involving people, processes, and IT systems.
What is Scoptio?
