DATA MANAGEMENT JC

Question 1

What is GDPR?

Answer 1

The GDPR is the new EU regulation covering people’s personal data. Its designed to protect data in an era of mass digital data use. The GDPR is in force across the EU and supersedes data protection laws. It applies alongside member state laws such as the data protection act 2018.

Question 2

What are the aims and benefits of GDPR?

Answer 2

Put simply, GDPR was designed to give the public more say over which organisations have access to their data and what they do with it. GDPR will apply to personal data.

GDPR was aimed at protecting all EU citizens from privacy and data breaches in an increasingly data-driven world that is vastly different from the time in which the 1995 directive was established.

Question 3

What are the key changes (regarding GDPR)?

Answer 3

• Increased Territorial Scope (extra-territorial applicability)
• Increased Penalties
• Easier consent to the data provider (easily accessible forms for control of their data)

Question 4

What are the roles in GDPR?

Answer 4

Controllers, processors and joint controllers.

Question 5

What is meant by Increased Territorial Scope (extra-territorial applicability) regarding GDPR?

Answer 5

GDPR applies to all companies processing the personal data of data subjects residing in the European Union, regardless of the company’s location.

Question 6

What is meant by penalties regarding GDPR?

Answer 6

Organisations in breach of GDPR can be fined up to 4% of annual global turnover or £20 million (whichever is greater). This is the maximum fine that can be imposed for the most serious infringements

Question 7

What is meant by consent regarding GDPR?

Answer 7

Companies will no longer be able to use long illegible terms and conditions full of legalese, as the request for consent must be given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent (EUGDPR.ORG Portal, 2018).

Question 8

How would you treat confidential data?

Answer 8

I would make sure to follow my company’s data protection policy. This includes:

• Locking my computer when away
• Paper free desk and using my locker for confidential information
• Use shredder for documents
• Ensure to categorize my soft copy documents with the correct coding - eg. public, private and restricted.

Question 9

What is the Data Protection Act?

Answer 9

It gives individuals the right to know what information is held about them and provides a framework to ensure that it’s handled properly.

Question 10

What challenges does the Data Protection Act pose?

Answer 10

The main challenge is posed by multiple users of the system saving files in incorrect folders so that retrieval of information can be time consuming. There are also risks of careless revisions of documents or accidental deletion - although our server is backed up twice daily so any losses in this respect are mitigated.

Question 11

How do you determine if a document is public, private or restricted?

Answer 11

There is a matrix based on the reputation impact, financial impact and legal impact.

Question 12

How is the GDPR relevant in your day to day work?

Answer 12

• ## I manage high amounts of sensitive data and this needs to be done in line with the data protection act and GDPR.

Question 13

How is the GDPR relevant to the construction industry?

Answer 13

Companies should employ a data protection officer, make sure they comply with all the data protection policy and be clear and transparent when talking about data.

Question 14

What is the freedom of information act 2000?

Answer 14

The Freedom of Information Act 2000 (FOIA) is a UK Act of Parliament that creates a public ‘right of access’ to information held by public authorities. There are two ways in which this is provided:

Public authorities are obliged to publish certain relevant information.
Members of the public are entitled to request information from public authorities.

Question 15

Is the data protection act superseded?

Answer 15

No the data protection act was updated in 2018 to act supplementary to the GDPR.

Question 16

What is the Freedom of Information Act 2000?

Answer 16

The Act provides individuals or organisations with the right to request information held by a public authority. Information must also be published through the public authority’s publication scheme.

Question 17

How do you ensure that you comply with data protection legislation?

Answer 17

You should consider issues such as only keeping information you really need, making sure people know you’ve got it and why, not passing on personal information, holding information securely, limiting access to information, keeping up to date information and deleting any information you have no more need for.

Question 18

What data do you use in your work and how do you manage this?

Answer 18

Consider any data you collect such as financial figures, valuation figures, contact details, etc. and be able to explain how you ensure this complies with the legislation.

Question 19

What are the 7 principles of GDPR?

Answer 19

Lawfulness, fairness and transparency
Purpose limitation
Data minimisation
Accuracy
Storage limitation
Integrity and confidentiality (security)
Accountability

Question 20

What types of data is considered under GDPR?

Answer 20

Any personal data including:
Name
Religion
Sexual orientation
Trade union membership
Physical or mental health
Genetic data

Question 21

What must you do if you accidentally breach GDPR and send information to the wrong person?

Answer 21

• Report to the ICO (UK regulator) within 72 hours
• Report it internally
• Let the individual data subjects aware

Question 22

What are individuals rights under GDPR?

Answer 22

The right to be informed
The right to rectification
The right to access
The right to erasure (or to be forgotten)
The right to restrict processing
The right to data portability
The right to object
The right not to be subject to automated decision making or profiling

Question 23

What is BIM?

Answer 23

Building Information Modelling