Data Management level 1 Flashcards

1
Q

Why is it important to verify and analyse data to provide good advice?

A

Need to consider the reliability of data, and without verification of data sources you cannot guarantee accuracy, and therefore may be providing inaccurate advice

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What databases and systems have you used?

A

Microsoft Excel
Salesforce

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What online databases have you used?

A

EGI
Edozo

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What are other sources of information in addition to online databases?

A
  • Speaking to local agents
  • Physical evidence and documentation (although usually dated)
  • Marketing boards
  • In house trackers
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is the importance of handling/storing data with sensitivity?

A

In order to comply with UK GDPR, as well as the RICS RoC and bylaws of confidentiality

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What are the key concepts of the Data Protection Act (2018)? What other acts may you consider?

A

Aimed to supplement UKGDPR (2016) relating to storing and processing personal data. Which conatin the 7 principals
Other acts-
* UKGDPR (2016)
* Freedom of Information Act (2000)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What are the 7 principles of GDPR?

A
  1. Lawfulness, fairness and transparency
  2. Purpose limitation
    Controller must specify the purposes for processing data when it is collecte
  3. Data minimisation
  4. Accuracy
  5. Storage limitation
  6. Integrity and confidentiality
  7. Accountability
  8. (EU ONLY NOT UKGDPR) Not to be transferred outside the EU Economic Zone
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What are the first 4 individual rights of GDPR?

A
  1. Right to be informed
  2. Right of access
  3. Right of rectification
  4. Right to erasure
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Are there any exemptions to complying with the Data Protection Act?

A

If it would prejudice a criminal matter under investigation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What are the penalties of non-compliance?

A

4% of global turnover or £17.5m

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

How does a password protected data site ensure GDPR is adhered to?

A

It ensured data is processed as per the principles of GDPR
* Confidentiality (security of data)
* Data minimised and purpose limited to this use only

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is copy right? Can it be transferred?

A
  • Set of rights that is granted to the creator of original work.
  • Form of intellectual property
  • Can be transferred, licensed or assigned.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What is data triangulation?

A

When considering reliability of data and risks, where possible, verify data against alternative source through ‘triangulation’.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Who enforces GDPR? Say there is a breach of data, who enforces GDPR?

A

ICO – Information Commissioners Office

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What enforcing powers do the ICO have?

A
  • Conduct audit checks to check you are complying with obligations
  • Serve an Enforcement Notice order if there has been a breach
  • fines
  • Prosecute you if you fail to comply with Enforcement Notices
  • Report to Parliament on issues of concern.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What actions are undertaken at CBRE to ensure data security?

A
  • Mandatory training
  • Phishing security check on emails – IT team verify if email/link is safe.
  • Password protected computers – password updated every 3 months
  • Email retention
  • CBRE File transfer systems
  • Firewalls and blocked sites
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What is the UK General Data Protection Regulation (2016) and Data Protection Act 2018

A
  • EU GDPR no longer applies in UK and entirely transcribed by UK GDPR.
  • UK GDPR is supplemented by Data Protection Act 2018 (this replaces Data Protection Act 1998).
  • It gives people right to be informed about how their personal information is used.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What is a Data Controller?

A
  • Decide how and why personal data is processed and is directly responsible for GDPR.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

In what timeframe do data breaches need to be reported to ICO?

A
  • 72hrs where there is loss of personal data and risk of harm to individuals.
20
Q

What does Article 5(1) Principles in UK GDPR state?

A

Relates to storage of personal data. Data must be:
* Processed lawfully, fairly, transparent matter.
* Collected for specified and legitimate reason.
* Accurate and kept up to date.
* Kept in a form that permits identification of data for no longer than is necessary.
* Appropriate security of data – protection against unauthorised processing.

21
Q

What is the Freedom of Information Act 2000

A

Gives individuals the right to access information held by public bodies.
* Public body must confirm if they hold the information
* Public body must supply data in 20 working days in the format requested.
* It can charge for the provision of the information.

22
Q

What is NDAs?

A

Legal contract that binds a party to confidential information.

23
Q

What will the Proposed RICS Professional Statement on Data Handling and Prevention of Cyercrime state?

A
  • Include best practice and mandatory obligations
  • Proposed to address how to capture, store, share data appropriately and securely and will mandate policies such as training for firms and members.
24
Q

Is breaching GDPR civil or criminal?

25
Who is Data Protection Officer at CBRE?
* Geraldine Mash – Compliance Director
26
What information can be found in title documents?
Land registry can supply Title Register to provide the following information: * Ownership info * Tenure * Price paid (if after 2000) * Title plan * Restrictive covenant – something that restricts the use of the land
27
What is the Data Protection Act 2018?
* EU GDPR no longer applies in UK and entirely transcribed by UK GDPR. * UK GDPR is supplemented by Data Protection Act 2018 (this replaces Data Protection Act 1998). * It gives people right to be informed about how their personal information is used.
28
What is UK General Data Protection Regulation?
* It gives people **rights** to be **informed** about how **their personal information is used**
29
How do you ensure GDPR is considered when handling client’s data and information?
I comply with the principles of UK GDPR. * **Purpose limitation** – only used for that purpose * **Data minimisation** – only hold required information, nothing more * **Accuracy** – updated regularly * **Storage limitation** – information safely deleted once no longer required * **Integrity and confidentiality** – not shared with any other parties
30
What is the significance of safeguarding personal data?
* Legal compliance (GDPR) * Trust – data breaches can erode trust * Prevent financial loss * Protection – sensitive data
31
How do you safeguard personal data?
* Limit access * Strong authentication * Regular access reviews * Data security technologies
32
What is a firewall?
* A security system that **monitors** and **controls** network traffic based on predetermined security rules. * It acts as a **barrier** between a trusted networks and untrusted networks
33
How does a password protected data site ensure GDPR is adhered to?
It ensured data is processed in a manner that ensured appropriate security of the personal data, as per the principles of GDPR * Confidentiality (security of data) * Data minimised and purpose limited to this use only
34
What data did you extract from EG Radius, EPC Register, Edozo Maps and Online Planning Portals?
**EG Radius** - Transacted properties (verified through agents) - Map tool Information: - Date of transaction - Asking and achieved rents - Agent - Tenant **EPC Register** - Postcode to determine EPC **Edozo Maps** - Used for site plans in reports - Building scale – 1:100 - Street/location – 1:1,250 - Location scale – 1:2,5000 **Online Portals** - Planning permission - CIL charges - Conservation area
35
Were there any limitations?
EG radius - Limited information - Need to check accuracy EPC - If expired no way to know the new one Edozo Maps - Costly Online Portals - Address is different to Planning permission - Not user friendly
36
How did you use the information?
EG Radius - Comparable evidence - Map tool EPC - Valuation reports - Sustainability Edozo Maps - Location/site maps - Valuation reports Online planning portals - Development pipeline - Correct planning permission - Development appraisals – Hope value - CIL charges and S.106 in valuations
37
Why do you lock your laptop? What other ways can you protect yourself?
* Protect sensitive data * Prevents breaches * CBRE compliance Other ways * Shred any confidential papers * Lock papers in a locker * Phishing awareness * Strong passwords * Training
38
What are second 4 individual rights of GDPR?
5. Right to restrict processing 6. Right to data portability (access and reuse) 7. Right to object 8. Rights related to automated decision making e.g. profiling
39
What exemptions are there to providing information as permitted by the Freedom of Information Act 2000
Exemptions are allowed if contrary to GDPR requirements
40
Example of what is included in an NDA?
* **How** the person can **use the information**. * Ensure copies of any of the **data** are kept **securely**. * To **inform** the **main party** if any confidential information becomes **disclosed** to unauthorised parties. * Only use the confidential info for the **purpose intended**. * Usually includes the **term** of the agreement, such as 2, 3, 5 **years** etc. * **Signed** by the parties
41
What data security technologies are you aware of?
* **Disk encryption** * Regular **backups** off site * Cloud storage * Password protection and use of **anti-virus software** * **Firewalls**
42
Easy to remember principles of GDPR
P – Processed Fairly & Lawfully L – Longer - Not kept Longer than necessary A – Adequate and not excessive C – Countries - Not transferred to Countries without the same data security A – Accurate & up to date R – Relevant D – Data subject’s rights S – Securely - Kept Securely
43
Easy ways to remember individual rights
R – Restrict processing E - Erasure A - Access D – Data Portability R – Rectification A – Automated decision making and reporting I – Informed O – Object
44
Who is new compliance officer
Ryan Correa
45
If you were unsure about a data concern who would you speak to?
Data Protection officer compliance officer
46