Data Management - KT Qs Flashcards

1
Q

What is the main legislation behind Data Protection?

A

General Data Protection Regulation (2016) (GDPR) aimed to create a single data protection regime for the European Union.

It came into effect in the UK as the Data Protection Act (2018). = Right to be Informed.

Freedom of Information Act (2000) = Right to Access.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Does the EU GDPR still apply in the UK?

A

UK GDPR has adopted the EU GDPR regulation and is incorporated into the Data Protection Act (2018).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is the role of UK GDPR?

What is the role of the Data Protection Act (2018)

A

UK GDPR is supplemented by the Data Protection Act (2018) and relates to PERSONAL DATA.

It aims to create a single data protection regime and empower individuals to take control of how their data is used by third parties.

Crucially – gives people the RIGHT TO BE INFORMED about how their personal information is used.

Provides a framework for companies processing personal data to ensure this is handled correctly.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is Personal Data under the Data Protection Act (2018)

A

May include:

Race
Ethnic background
Religious beliefs
Genetics
Biometrics
Health

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What do you understand about UK GDPR? What are key requirements of GDPR?

Key points about the legislation?

A

An obligation to conduct data protection impact assessment for high risk holding of data.

New rights for individuals to have access to information on what personal data is held – and the option to have it erased.

A data controller decides how and why personal data is processed and is directly responsible for GDPR.

A new principle of ‘data accountability’ ensuring that organisations can prove to the Information Commissioner’s Office (ICO) how they comply with the new regulations.

Data security breaches need to be reported to ICO within 72 hours where there is a loss of personal data and a risk of harm to individuals.

Fines up to 4% of global turnover of the company or £17.5 million (whichever is the greater).

Policed by the ICO.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What are the 8 individual rights under UK GDPR? What rights do you/your clients have in relation to saved data?

A
  1. Right to be informed
  2. Right of access
  3. Right to rectification
  4. Right to erasure
  5. Right to restrict processing
  6. Right to data portability (to use for their own purposes)
  7. Right to object
  8. Rights to automated decision making and profiling
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What do you need to do in the event of a data breach / cyberattack?

A

Notify the Information Commissioners Office (ICO) within 72 hours of the breach where there is a loss of personal data and a risk of harm to individuals.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is the penalty / what is the fine for non-compliance with UK GDPR?

A

Fines up to 4% of the global turnover of the company, or £17.5 million (whichever is the greater).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Who is UK GDPR policed by?

A

Information Commissioners Office (ICO).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What does the Freedom of Information Act (2000) do?

A

Freedom of Information Act (2000) = Right to Access!

Gives individuals the right of ACCESS to information held by public bodies.

The public body must tell any individual requesting sight of information whether it holds it.

Normally the public body is required to supply it in 20 working days in the format requested.

It can charge for the provision of the information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What exemptions are allowed under the Freedom of Information Act (2000). When would someone not be allowed to access their information?

A

Contrary to the GDPR requirements

If it would unduly influence a criminal matter under investigation or a person’s / organisation’s commercial interest i.e. if there is an overriding public interest to not allow access.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

If you received a Freedom of Information Act (2000) request would you act on it?

A

The Freedom of Information Act (2000) gives individuals a right of access to information held by the public sector.

The request must be in writing.

Information must not be exempt – e.g. personal data or national security.

If I received a FOI request I would not need to act on it, unless the information was held in the public domain/public body.

(This is becuse FoI relates to info held by public bodies - not confidential information).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Does the RICS say anything about Data Management? Any guidance?

(COMMON QUESTION)

A

Proposed: Professional Standard on: Data Handling and Prevention of Cyber Crime – aimed at how surveyors capture, store and share data.

Likely mandate policies and practices and training for all regulated firms and members.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What forms of data security technologies are available?

How can you keep data secure? How would you prevent cybercrime?

A

Disk encryption – encrypting data on a secure hard disk drive.

Firewalls

Password protection and anti-virus software protection

Regular back-ups off-site

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What forms of data protection do Cluttons have in place?

A

All of the above

Password protection folders for client data

Cluttons hold a number of ‘IT Security’ training sessions

Clients have to ‘opt in’ to distribution lists in order to be contacted – if an enquiry has not ‘opted in’ to comply with our GDPR regulations we are unable to contact them.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What is Cluttons policy when collecting and storing data?

A

In compliance with UK GDPR and the Data Protection Act (2018).

Kept for no longer than necessary

Collected for a specified, explicit purpose

Password protected folders with ‘Code Names’ where necessary.

17
Q

How do you hold Client Data?

A

Password protected folders with ‘code names’ where necessary. This is held for the relevant time (at least 6 years after instruction for PII reasons).

Any paper copies are kept in locked cupboards, main reception security 24-hours a day.

18
Q

What is a Non-Disclosure Agreement (NDA)?

A

NDA = A legally binding contract that establishes a confidential relationship.

19
Q

What is Copyright?

A

A set of exclusive rights granted to the author/creator of any original work

Form of intellectual property

Crown Copyright refers to all material created and prepared by the Government – such as laws, public records, official press releases and OS survey maps.

It is essential to acknowledge any copyright information duplicated in work.

20
Q

What are the benefits of Cloud-Based Storage Systems?

A

Information is automatically backed up on encrypted servers.

Accessibility can be managed via online settings.

Cloud systems are cheaper than the costs of physically storing and managing files.

It is convenient to send and share files online instead of mailing physical copies.

Cloud systems are environmentally friendly.

21
Q

Tell me what practices do you put in place to secure data?

A

Password protected folders with ‘code names’ where necessary. This is held for the relevant time (at least 6 years after instruction for PII reasons).

Any paper copies are kept in locked cupboards, main reception security 24-hours a day.

Regular back ups off site + Cloud based storage.

22
Q

What are you doing with information if you have a Conflict of Interest?

A

Request client informed consent they are happy with conflict management.

Creating password protected folders with ‘code names’ - to ensure information / ethical barrier is in place and absolutely no oversight from either party.

23
Q

Are there any regulations governing data management?

A

GDPR (General Data Protection Act) 2016 = aimed to create a single data protection scheme in the EU.

Data Protection Act (2018) = UK implementation of the GDPR = Right to be INFORMED.

Freedom of Information Act (2000) = Right to ACCESS.

24
Q

Can I get a few takeaways from the Data Protection Act (2018)?

A

UK implementation of GDPR.

Relates to PERSONAL DATA. Gives individuals the RIGHT TO BE INFORMED about how their personal infomation is used.

Must be used for specific purposes. Must be kept for no longer than is necessary, and must be handled securely.

Policed by the Information Commissioner’s Office (ICO) - data security breches need to be reported to ICO within 72 hours.

Fines of up to 4% of global turnover of the company or £17.5 million (whichever is greater).

25
Q

What rights do you have in relation to saved data?

(What are the individual rights under UK GDPR)?

A

Everyone has the right to:

RIGHT TO BE INFORMED (about how data is being used).

RIGHT OF ACCESS (their personal data)

RIGHT TO RECTIFICATION (Have incorrect data updated)

RIGHT TO ERASURE

RIGHT TO RESTRICT PROCESSING

DATA PORTABILITY (allowing you to reuse your personal data for different services).

RIGHT TO OBJECT

26
Q

Do you ever use the Government/Valuation Office Agency website?

A

Yes I used the VOA to establish the rateable value for commercial premises.

27
Q

What information can be gleaned from that?

What was the rateable value of the property in your case study?

A

VOA published new Rateable Value list for England and Wales in April 2023.

The current multipliers are: £0.49p for RV’s less than £51,000 (small business multiplier) and £0.512p for RV’s of more than £51,000 (higher multiplier).

So for my case study …

The Rateable Value for the 4th floor was £52,500. As this was higher than the threshold of £51,000, I used the higher multiplier (£0.512p).

This = the Rates Payable of £14.50 per sq ft for the 4th floor.

28
Q

Tell me what you can find on the Land Registry website and how this can help you in your work?

A

Land and property data (Title documents)

Title Deeds.

Title Register.

Title Plan.

Property ownership information.

Part of KYC - proving good title.

29
Q

What does land edged red on the Land Registry website generally signify?

A

Red edging on a plan indicates the demise of a piece of land.

30
Q

What would you do if there was a data security breach at your firm?

A

Report to the ‘data controller’ (compliance officer) immediately.

They MUST report the breach to the Information Commissioners Office (ICO) with 72 hours where there is a loss of personal data and a risk of harm to individuals.

31
Q

Are there any fines for non-compliance?

A

Fines of up to 4% GLOBAL TURNOVER of the company, or £17.5 million (whichever is the greater).