Data Management (L2)

Question 1

What is GDPR?
(submission L1)

Answer 1

General Data Protection Regulation

Question 2

What does the Data Protection Act 2018 do?
(submission L1)

Answer 2

The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).

Question 3

What does GDPR do?
(submission L1)

Answer 3

Aims to create single data protection regime affecting businesses, and empower individuals to take control of how their data is used by third parties.
Gives people rights to be informed about how their personal information is used.

Question 4

What are the 8 individual Rights under UK GDPR:
(submission L1)

Answer 4

1. To be informed
2. To access
3. To rectification
4. To erasure
5. To restrict processing
6. To data portability
7. To object
8. To automated decision making & profiling

Question 5

What are the principles of GDPR and DPA (6 Key Points)
(submission L1)

Answer 5

1. Information used lawfully, fairly and transparently
2. Collected for specified, explicit and legitimate purposes
3. Adequate, relevant and limited to necessity
4. Accurate (kept up to date)
5. Kept no longer than necessary
6. Kept safe

Question 6

What is the maximum penalty for a breach in the Data Protection Act 2018 / GDPR? (think companies not individuals)

Answer 6

Fines - 4% of global turnover or £17.5m (whichever is higher)

Question 7

Who is UK GDPR policed by?

Answer 7

Information Commissioner’s Office (ICO)

Question 8

What are the main differences between EU GDPR and UK GDPR?

Answer 8

Age of consent (13 in UK, 16 in Europe)
Fines (£17.5m in UK, 20m euros in Europe)

Question 9

What constitutes personal data?

Answer 9

Any data relating to a natural person which can be used to directly or indirectly identify them.

Question 10

What are the THREE key categories of people under GDPR?

Answer 10

Data Controller
Data Processor
Data Protection Officer

Question 11

What are the three key categories of people under GDPR?

Answer 11

Controller - the entity responsible for determining the purpose and means of processing personal data.

Note - can also be a joint controller - i.e. an RICS Regulated managing agent with leaseholders information is bound by the RICS Professional Regulations and so is a joint controller.

Processor - an entity with responsibility for processing personal data under instruction from the Controller.

Data processors do not have the same level of GDPR compliance responsibilities as controllers.

Controllers have the strictest level of responsibility for GDPR. Note - employees are treated as agents for the controller.

Data Protection Officer - internal person required within public authorities or organisations who regularly process data, or sensitive data

Question 12

How would you class your firm under GDPR terms?

Answer 12

Both Data Controller and Data Processor
My firms Data controller holds personal data for the firm’s employees.
My firm processes data under instructions of clients (the controller).

Question 13

In a data security breach, what would you do?

Answer 13

1. Inform the person’s whose data has been leaked
2. Report to the ‘Information Commissioners Office’ (ICO) within 72 hours

Question 14

How do you keep data secure in your job?

Answer 14

My firm uses firewalls, encryption and passwords.

Question 15

How can you comply with UK GDPR when dealing with mailing lists?

Answer 15

Only collect information that is required
Ensure that is very clear that there are ways to unsubscribe
Ensure you get consent from participants to be on the mailing list

Question 16

What is the Land Registry?
(submission L2)

Answer 16

Registers the ownership of land and property in England and Wales.

Question 17

What is the House Price Index?
(submission L2)

Answer 17

It captures changes in the value of residential properties.
Uses sales data collected on residential housing transactions, whether for cash or with a mortgage.

Question 18

What are strengths and limitations to the House Price Index?
(submission L2)

Answer 18

Time lag as it based on completed sales at the end of the conveyancing process.
Large data source (land registrations such as that maintained by HM Land Registry).
Breakdowns available by property type, buyer status, funding status and property status.

Question 19

What is the Retail Price Index?
(submission L2)

Answer 19

One of two measures of consumer inflation produced by the ONS.

It measures the average change from month to month in the prices of goods and services purchased by most households in the UK.

Question 20

What is the Consumer Price Index?
(submission L2)

Answer 20

It is the measure of inflation. The CPI includes all spending by private and institutional households and foreign nationals when visiting the UK.

Question 21

What is the main difference between RPI and CPI?
(submission L2)

Answer 21

RPI includes mortgage interest payments: this means it is “heavily influenced” by interest rates.
CPI measures take no account of housing costs: but factors in all the other goods and services.

Question 22

How do you use “check formulas”?
(submission L2)

Answer 22

For example if looking at several schedule or tabs in a service charge budget ensuring that totals in each tab match.

Question 23

How regularly do you update the database for BTR?
(submission L2)

Answer 23

Quarterly - due to the time it takes.

Question 24

What is primary and secondary data?
(submission L1)

Answer 24

Primary data is data I have collected myself (eg if I was to interview an agent for a market report). Secondary data is data collected by someone else (eg Rightmove and Zoopla).

Question 25

How does your firm store project files?
(submission L1)

Answer 25

Project information is marked in date order, categorised by document titles including project and workstream and version number.