Data Management L1 - SoE Q’s

Question 1

How long do you need to keep data for?

Answer 1

6 years if contract is signed underhand

12 years if contract is signed as deed

RICS recommends up to 15 years which is the limitation period for most legal claims.

Question 2

What data systems do you use in your business?

Answer 2

Backup servers

Online transfer systems

Microsoft Teams

Question 3

What are the benefits of cloud-based storage systems?

Answer 3

1. Ease of access anywhere in the world
2. Secure/ password protected
3. Low cost to set up
4. Access controls available for restricted/ confidential files

Question 4

What is the Data Protection
Act 2018?

Answer 4

Controls how personal information is used by organisations, businesses and the government.

The Data Protection Act is the UK implementation of the GDPR regulations.

Question 5

What is GDPR?

Answer 5

EU law for the protection of data and privacy in the EU and European Economic Areas. It also addressed the transfer of data outside of the EU and EEA.

Replaced by UK GDPR 2018.

Question 6

What are the penalties for a data breach?

Answer 6

Fines up to (Higher Maximum - 4% of annual global turnover or 17.5 million pounds, whichever is higher)

(Standard Maximum - 2% of annual global turnover or 8.7 million pounds, whichever is higher)

Question 7

Who enforces
GDPR?

Answer 7

The Information
Commissioners Office.

Question 8

How long do you have to report a personal data breach and who to?

Answer 8

1.72 Hours
2. Report to the ICO -
(Information
Commissioner’s Office)

Question 9

What should you consider before destroying information?

Answer 9

Does the information relate to a live
project.

Is the information backed up i.e. scanned copy saved in project file?

Is the document a contract/ legal document?

Could the document be required for litigation or other proceedings?

Question 10

What are the data protection principles?

Answer 10

LAAPDSI

1. Lawful, fairness and transparency
2. Purpose limitation - personal data must be used for specific purposes
3. Data minimisation - must not be excessive
4. Accuracy
5. Storage limitation - kept for no longer than necessary
6. Integrity & confidentiality -
7. Accountability - individual accountable for processing

Question 11

What are the sensitive groups?

Answer 11

1.race

2.ethnic background

3.political opinions

4.religious beliefs

5.trade union membership

6.genetics

7.biometrics (where used for identification)

8.health

9.sex life or orientation

Question 12

What are your rights under GDPR?

Answer 12

1.be informed about how your data is being used

2.access personal data

3.have incorrect data updated

4.have data erased

5.stop or restrict the processing of your data

6.data portability (allowing you to get and reuse your data for different services)

7.object to how your data is processed in certain circumstances

Question 13

When do you also have rights when an organisation is using your personal data?

Answer 13

1.automated decision-making processes (without human involvement)

2.profiling, for example to predict your behaviour or interests