Data Management L1/L2 Flashcards
Name the two main regulations/Acts relating to Data Protection
EU’s General Data Protection Regulations (now UK since Brexit)
Data Protection Act 2018
How have GDPR regulations changed since we left the EU
The UK has created its own UK GDPR, which mirrors the EU version
Describe the purpose of the Data Protection Act 2018
The Act is a complete data protection system, so it covers personal data as outlined by the GDPR and all aspects of general data covered under the Data Protection Act 1998. It controls how personal information is used by organisations, businesses and government
Sets the guidelines for companies for the collection, processing, storage and protection of personal data, and gives individuals the right to access and correct their personal data and to prevent it from being used for marketing
What Act does the DPA 2018 replace
DPA 1998
Describe data breaches under Data Protection Act 2018
Up to 4% of global turnover or 17.5 million euros
What requirements are there for data breaches
• Data security breaches to be reported to the Information Commissioner’s Office (ICO) within 72 hours where there is a loss of personal data
CJ policy is to immediately speak to Joanne Dick, notify ICO within 72 hours
Describe the purpose of a data protection officer
DPO is a role required by the ICO for overseeing a company’s data protection strategy and its implementation to comply with GDPR requirements
Describe the role of a data controller
• A data controller decides how personal data is processed and is responsible for GDPR
Describe personal data examples
names, addresses, date of birth, CVs, appraisals, emails, texts
How is your organisation compliant with GDPR
- Lock computers when not at desk
- All paper documentation is filed in locked cabinets
- When onsite, prevent taking personal information on paperwork
- Prevent sharing passwords
- Don’t have paper files unless really necessary
Describe and define the 8 individual rights under GDPR
- Right to be informed - Individuals have the right to be informed about the collection and use of their personal data.
- Right of access and to receive a copy of their personal data - Subject access request
- Right to rectification - incorrect personal data rectified
- Right to erasure - personal data to be erased
- Right to restrict processing
- Right to data portability
- Right to object to data processing
- Rights to automated decision making and profiling.
Describe the Freedom of Information Act 2000
- Gives individuals the rights to access information held by public bodies.
- Public bodies (government / Local authorities) are required to issue information held on individuals within 20 days of request.
Why is data management important in your area of practice
Fee pricing, tendering success, report writing, legal implications, research of comparable evidence
Where do you get information / data in your area of practice
Google Maps, CoStar, EIG, Right Move Plus, Pricing books, Land Registry, Companies House
What systems are there to manage information in your area of
Excel, Outlook, DMS, SharePoints, Connect (secure database for storing clients contact details)