Data Management level 1

Question 1

Why is it important to verify and analyse data to provide good advice?

Answer 1

Need to consider the reliability of data, and without verification of data sources you cannot guarantee accuracy, and therefore may be providing inaccurate advice

Question 2

What databases and systems have you used?

Answer 2

Microsoft Excel
Salesforce

Question 3

What online databases have you used?

Answer 3

EGI
Edozo

Question 4

What are other sources of information in addition to online databases?

Answer 4

• Speaking to local agents
• Physical evidence and documentation (although usually dated)
• Marketing boards
• In house trackers

Question 5

What is the importance of handling/storing data with sensitivity?

Answer 5

In order to comply with UK GDPR, as well as the RICS RoC and bylaws of confidentiality

Question 6

What are the key concepts of the Data Protection Act (2018)? What other acts may you consider?

Answer 6

Aimed to supplement UKGDPR (2016) relating to storing and processing personal data. Which conatin the 7 principals
Other acts-
* UKGDPR (2016)
* Freedom of Information Act (2000)

Question 7

What are the 7 principles of GDPR?

Answer 7

1. Lawfulness, fairness and transparency
2. Purpose limitation
   Controller must specify the purposes for processing data when it is collecte
3. Data minimisation
4. Accuracy
5. Storage limitation
6. Integrity and confidentiality
7. Accountability
8. (EU ONLY NOT UKGDPR) Not to be transferred outside the EU Economic Zone

Question 8

What are the first 4 individual rights of GDPR?

Answer 8

1. Right to be informed
2. Right of access
3. Right of rectification
4. Right to erasure

Question 9

Are there any exemptions to complying with the Data Protection Act?

Answer 9

If it would prejudice a criminal matter under investigation

Question 10

What are the penalties of non-compliance?

Answer 10

4% of global turnover or £17.5m

Question 11

How does a password protected data site ensure GDPR is adhered to?

Answer 11

It ensured data is processed as per the principles of GDPR
* Confidentiality (security of data)
* Data minimised and purpose limited to this use only

Question 12

What is copy right? Can it be transferred?

Answer 12

• Set of rights that is granted to the creator of original work.
• Form of intellectual property
• Can be transferred, licensed or assigned.

Question 13

What is data triangulation?

Answer 13

When considering reliability of data and risks, where possible, verify data against alternative source through ‘triangulation’.

Question 14

Who enforces GDPR? Say there is a breach of data, who enforces GDPR?

Answer 14

ICO – Information Commissioners Office

Question 15

What enforcing powers do the ICO have?

Answer 15

• Conduct audit checks to check you are complying with obligations
• Serve an Enforcement Notice order if there has been a breach
• fines
• Prosecute you if you fail to comply with Enforcement Notices
• Report to Parliament on issues of concern.

Question 16

What actions are undertaken at CBRE to ensure data security?

Answer 16

• Mandatory training
• Phishing security check on emails – IT team verify if email/link is safe.
• Password protected computers – password updated every 3 months
• Email retention
• CBRE File transfer systems
• Firewalls and blocked sites

Question 17

What is the UK General Data Protection Regulation (2016) and Data Protection Act 2018

Answer 17

• EU GDPR no longer applies in UK and entirely transcribed by UK GDPR.
• UK GDPR is supplemented by Data Protection Act 2018 (this replaces Data Protection Act 1998).
• It gives people right to be informed about how their personal information is used.

Question 18

What is a Data Controller?

Answer 18

• Decide how and why personal data is processed and is directly responsible for GDPR.

Question 19

In what timeframe do data breaches need to be reported to ICO?

Answer 19

• 72hrs where there is loss of personal data and risk of harm to individuals.

Question 20

What does Article 5(1) Principles in UK GDPR state?

Answer 20

Relates to storage of personal data. Data must be:
* Processed lawfully, fairly, transparent matter.
* Collected for specified and legitimate reason.
* Accurate and kept up to date.
* Kept in a form that permits identification of data for no longer than is necessary.
* Appropriate security of data – protection against unauthorised processing.

Question 21

What is the Freedom of Information Act 2000

Answer 21

Gives individuals the right to access information held by public bodies.
* Public body must confirm if they hold the information
* Public body must supply data in 20 working days in the format requested.
* It can charge for the provision of the information.

Question 22

What is NDAs?

Answer 22

Legal contract that binds a party to confidential information.

Question 23

What will the Proposed RICS Professional Statement on Data Handling and Prevention of Cyercrime state?

Answer 23

• Include best practice and mandatory obligations
• Proposed to address how to capture, store, share data appropriately and securely and will mandate policies such as training for firms and members.

Question 24

Is breaching GDPR civil or criminal?

Answer 24

criminal

Question 25

Who is Data Protection Officer at CBRE?

Answer 25

* Geraldine Mash – Compliance Director

Question 26

What information can be found in title documents?

Answer 26

Land registry can supply Title Register to provide the following information: * Ownership info * Tenure * Price paid (if after 2000) * Title plan * Restrictive covenant – something that restricts the use of the land

Question 27

What is the Data Protection Act 2018?

Answer 27

* EU GDPR no longer applies in UK and entirely transcribed by UK GDPR. * UK GDPR is supplemented by Data Protection Act 2018 (this replaces Data Protection Act 1998). * It gives people right to be informed about how their personal information is used.

Question 28

What is UK General Data Protection Regulation?

Answer 28

* It gives people **rights** to be **informed** about how **their personal information is used**

Question 29

How do you ensure GDPR is considered when handling client’s data and information?

Answer 29

I comply with the principles of UK GDPR. * **Purpose limitation** – only used for that purpose * **Data minimisation** – only hold required information, nothing more * **Accuracy** – updated regularly * **Storage limitation** – information safely deleted once no longer required * **Integrity and confidentiality** – not shared with any other parties

Question 30

What is the significance of safeguarding personal data?

Answer 30

* Legal compliance (GDPR) * Trust – data breaches can erode trust * Prevent financial loss * Protection – sensitive data

Question 31

How do you safeguard personal data?

Answer 31

* Limit access * Strong authentication * Regular access reviews * Data security technologies

Question 32

What is a firewall?

Answer 32

* A security system that **monitors** and **controls** network traffic based on predetermined security rules. * It acts as a **barrier** between a trusted networks and untrusted networks

Question 33

How does a password protected data site ensure GDPR is adhered to?

Answer 33

It ensured data is processed in a manner that ensured appropriate security of the personal data, as per the principles of GDPR * Confidentiality (security of data) * Data minimised and purpose limited to this use only

Question 34

What data did you extract from EG Radius, EPC Register, Edozo Maps and Online Planning Portals?

Answer 34

**EG Radius** - Transacted properties (verified through agents) - Map tool Information: - Date of transaction - Asking and achieved rents - Agent - Tenant **EPC Register** - Postcode to determine EPC **Edozo Maps** - Used for site plans in reports - Building scale – 1:100 - Street/location – 1:1,250 - Location scale – 1:2,5000 **Online Portals** - Planning permission - CIL charges - Conservation area

Question 35

Were there any limitations?

Answer 35

EG radius - Limited information - Need to check accuracy EPC - If expired no way to know the new one Edozo Maps - Costly Online Portals - Address is different to Planning permission - Not user friendly

Question 36

How did you use the information?

Answer 36

EG Radius - Comparable evidence - Map tool EPC - Valuation reports - Sustainability Edozo Maps - Location/site maps - Valuation reports Online planning portals - Development pipeline - Correct planning permission - Development appraisals – Hope value - CIL charges and S.106 in valuations

Question 37

Why do you lock your laptop? What other ways can you protect yourself?

Answer 37

* Protect sensitive data * Prevents breaches * CBRE compliance Other ways * Shred any confidential papers * Lock papers in a locker * Phishing awareness * Strong passwords * Training

Question 38

What are second 4 individual rights of GDPR?

Answer 38

5. Right to restrict processing 6. Right to data portability (access and reuse) 7. Right to object 8. Rights related to automated decision making e.g. profiling

Question 39

What exemptions are there to providing information as permitted by the Freedom of Information Act 2000

Answer 39

Exemptions are allowed if contrary to GDPR requirements

Question 40

Example of what is included in an NDA?

Answer 40

* **How** the person can **use the information**. * Ensure copies of any of the **data** are kept **securely**. * To **inform** the **main party** if any confidential information becomes **disclosed** to unauthorised parties. * Only use the confidential info for the **purpose intended**. * Usually includes the **term** of the agreement, such as 2, 3, 5 **years** etc. * **Signed** by the parties

Question 41

What data security technologies are you aware of?

Answer 41

* **Disk encryption** * Regular **backups** off site * Cloud storage * Password protection and use of **anti-virus software** * **Firewalls**

Question 42

Easy to remember principles of GDPR

Answer 42

P – Processed Fairly & Lawfully L – Longer - Not kept Longer than necessary A – Adequate and not excessive C – Countries - Not transferred to Countries without the same data security A – Accurate & up to date R – Relevant D – Data subject’s rights S – Securely - Kept Securely

Question 43

Easy ways to remember individual rights

Answer 43

R – Restrict processing E - Erasure A - Access D – Data Portability R – Rectification A – Automated decision making and reporting I – Informed O – Object

Question 44

Who is new compliance officer

Answer 44

Ryan Correa

Question 45

If you were unsure about a data concern who would you speak to?

Answer 45

Data Protection officer compliance officer