Data management

Question 1

What is the Freedom of Information Act about and if your firm received a freedom of information request would you act on it?

Answer 1

The Freedom of Information Act 2000 confers a right to request information held by the public sector.

The request must be in writing.

Information must not be exempt - e.g. personal data or national security.

If I received a FOI request I would not need to act on it unless the information was held in the public domain.

Question 2

What is personal data under the Data Protection Act 2018?

Answer 2

The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).

Personal data may include:
race
ethnic background
political opinions
religious beliefs
trade union membership
genetics
biometrics (where used for identification)
health
sex life or orientation

Question 3

How do you ensure data is protected?

Answer 3

Password protection.

Physically locking up server.

Question 4

What are your firm’s procedures under the data protection regulations?

Answer 4

We adhere to GDPR regulations. For example if somebody makes an enquiry with us they have to opt in to be contacted and if they do not provide consent we are unable to contact them.

Question 5

What are the main principles under the Data Protection legislation?

Answer 5

Everyone responsible for using personal data must make sure the information is:

• Used fairly, lawfully and transparently.
• Used for specified, explicit purposes.
• Used in a way that is adequate, relevant and limited to only what is necessary.
• accurate and, where necessary, kept up to date.
• kept for no longer than is necessary.
• handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage.

Question 6

What rights do you have in relation to saved data?

Answer 6

You have the right to:

• be informed about how your data is being used
• access personal data
• have incorrect data updated
• have data erased
• stop or restrict the processing of your data
• data portability (allowing you to get and reuse your data for different services)
• object to how your data is processed in certain circumstances.

Question 7

How long should personal data be kept for?

Answer 7

Under the 5th data protection principle of GDPR, personal data cannot be kept for longer than you need it. However, there is no specific time limit. How long you retain data will depend on the PURPOSE for holding the data.

Question 8

For the Brixton Hill letting who had access to the data on your company’s server?

Answer 8

Only people within my company had access to the data. If this data was requested by another agent for example I would have been able to provide it as there was no NDA in place.

Question 9

How was client’s data protected?

Answer 9

Each client’s data is secured in a separate folder on a password protected server. The physical server is kept securely locked away.

Question 10

How is the data kept up to date and what is your role in this?

Answer 10

We periodically review all company data including property information, client information and applicant details. We use an archive system to store old data we may need to refer back to and delete information which is no longer needed.

Question 11

Explain how you went about purchasing data for Battersea Studios and how you ensured that this complied with the GDPR regulations?

Answer 11

We bought in to a data list from Waltons Direct, a registered occupier mailing house. As per their privacy notice, they are fully DPA and GDPR compliant and “The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest”.

Question 12

Do you ever use the Government/Valuation Office Agency website?

Answer 12

Yes I used the VOA to establish the rateable value for commercial premises.

Question 13

What information can be gleaned from that? What was the rateable value of the property in your case study?

Answer 13

The rateable value will indicated the level of business rates payable by using the relevant business rates multiplier.

SBR £49.9p

The standard multiplier is currently £51.2 p in the £.

The rates valuation for my Case Study was £24,476.00.

The rates payable would have therefore been approximately £12,500 per annum.

Question 14

Tell me what you can find on the Land Registry website and how this can help you in your work?

Answer 14

• Land and property data.
• Title deeds.
• Property ownership information.

Access to property ownership information is an essential tool for identifying opportunities.

Part of KYC - proving good title.

Question 15

What does land edged red on the Land Registry website generally signify?

Answer 15

Red edging on a plan generally indicates the demise of a piece of land.

Question 16

Who polices Data Protection in the UK?

Answer 16

The ICO - Information Commissioner’s Office.

The UK’s independent authority set up to uphold information rights in the public interest.

Question 17

Is there any RICS guidance on cybercrime?

Answer 17

There is currently a consultation on a new Professional Statement - ‘Data Handling and Prevention of Cybercrime’.

Question 18

What is Article 5 under GDPR?

Answer 18

Article 5 of the UK GDPR sets out the seven key principles on data.

1. processed lawfully, fairly and transparently.
2. specified legitimate purposes.
3. adequate, relevant and limited to what is necessary.
4. accurate and kept up to date.
5. used and kept for no longer than necessary.
6. appropriate security.
   7.