Data Management Flashcards
What is the Data Protection Act 2018?
It is the UK’s implementation of GDPR. It came into force on 25th May 2018 and replaced the Data Protection Act 1998.
What is the purpose of this act?
The Act is a complete data protection system: as well as governing personal data covered by GDPR, it covers all other general data from the 1998 Act.
Do RICS produce any guidance with regard to data protection?
The Electronic Document Management Guidance Note which recommends the following:
• Protect files and documents with passwords
• Ensure attachments are saved alongside the original email they were sent with
• Create a standard folder structure
• Ensure only the appropriate people have access to folders
• Back up data regularly
What are the benefits of keeping electronic files?
- More environmentally friendly
- Enables remote working
- Ease of transferring information
What are the 8 principles of the Data Protection Act?
- Processed fairly and lawfully
- Processed only for relevant purposes
- Adequate, relevant and not excessive in relation to the purpose for which it is held
- Accurate and up to date
- Held no longer than necessary
- Processed in line with the data subject’s rights
- Kept securely
- Not be transferred to countries that don’t have similar data protection laws
How do you ensure you comply with the data protection laws?
• I do not collect or store sensitive information
• My company is registered with the Information Commissioner's Office
• I ensure I comply with the principles of the Data Protection Act 2018
• I only send marketing information to those who have given me written or verbal consent for me to do so
• I ensure I remove people from marketing lists promptly if requested to do so
• When sending out mass emails about available properties I ensure email addresses are BCC’ed to keep them private
• Data systems are password protected
• Anti-virus/phishing software used.
Key Requirements of the Data Protection Act 2018?
- New rights for individuals to have their personal data held or erased
- Conduct data protection impact assessments
- Comply with new regulations and prove this to the ICO.
- Breaches reported to the ICO within 72 hours.
- Increased fines - 4% global turnover or 20 million euros
- Policed by ICO
8 individual rights under GDPR?
- Right to be informed (I)
- Right to access (A)
- Right to rectification (R)
- Right to erasure (E)
- Right to restrict processing (P)
- Right to data portability (P)
- Right to object (O)
- Rights to automated decision making (D)
What is the Freedom of Information Act and how may it impact your work?
Individuals have the right to request information from public authorities and companies wholly owned by public bodies. This information must be provided in the format requested within 20 working days. This may affect me with regard to documents supplied for a planning application, for example a viability assessment.
Is there any exclusion on information that can be obtained through an FOI?
Commercially sensitive information may be redacted or criminal case
How long do you hold personal data?
You must not keep personal data for longer than you need it. You should be able to justify the reason to keep personal data. This will depend on your purposes for holding the data. You should also periodically review the data you hold, and erase or anonymise it when you no longer need it.