Data Management level 1 Flashcards
Why is it important to verify and analyse data to provide good advice?
Need to consider the reliability of data, and without verification of data sources you cannot guarantee accuracy, and therefore may be providing inaccurate advice
What databases and systems have you used?
Microsoft Excel
Salesforce
What online databases have you used?
EGI
Edozo
What are other sources of information in addition to online databases?
- Speaking to local agents
- Physical evidence and documentation (although usually dated)
- Marketing boards
- In house trackers
What is the importance of handling/storing data with sensitivity?
In order to comply with UK GDPR, as well as the RICS RoC and bylaws of confidentiality
What are the key concepts of the Data Protection Act (2018)? What other acts may you consider?
Aimed to supplement UKGDPR (2016) relating to storing and processing personal data. Which conatin the 7 principals
Other acts-
* UKGDPR (2016)
* Freedom of Information Act (2000)
What are the 7 principles of GDPR?
- Lawfulness, fairness and transparency
- Purpose limitation
Controller must specify the purposes for processing data when it is collecte - Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality
- Accountability
- (EU ONLY NOT UKGDPR) Not to be transferred outside the EU Economic Zone
What are the first 4 individual rights of GDPR?
- Right to be informed
- Right of access
- Right of rectification
- Right to erasure
Are there any exemptions to complying with the Data Protection Act?
If it would prejudice a criminal matter under investigation
What are the penalties of non-compliance?
4% of global turnover or £17.5m
How does a password protected data site ensure GDPR is adhered to?
It ensured data is processed as per the principles of GDPR
* Confidentiality (security of data)
* Data minimised and purpose limited to this use only
What is copy right? Can it be transferred?
- Set of rights that is granted to the creator of original work.
- Form of intellectual property
- Can be transferred, licensed or assigned.
What is data triangulation?
When considering reliability of data and risks, where possible, verify data against alternative source through ‘triangulation’.
Who enforces GDPR? Say there is a breach of data, who enforces GDPR?
ICO – Information Commissioners Office
What enforcing powers do the ICO have?
- Conduct audit checks to check you are complying with obligations
- Serve an Enforcement Notice order if there has been a breach
- fines
- Prosecute you if you fail to comply with Enforcement Notices
- Report to Parliament on issues of concern.
What actions are undertaken at CBRE to ensure data security?
- Mandatory training
- Phishing security check on emails – IT team verify if email/link is safe.
- Password protected computers – password updated every 3 months
- Email retention
- CBRE File transfer systems
- Firewalls and blocked sites
What is the UK General Data Protection Regulation (2016) and Data Protection Act 2018
- EU GDPR no longer applies in UK and entirely transcribed by UK GDPR.
- UK GDPR is supplemented by Data Protection Act 2018 (this replaces Data Protection Act 1998).
- It gives people right to be informed about how their personal information is used.
What is a Data Controller?
- Decide how and why personal data is processed and is directly responsible for GDPR.
In what timeframe do data breaches need to be reported to ICO?
- 72hrs where there is loss of personal data and risk of harm to individuals.
What does Article 5(1) Principles in UK GDPR state?
Relates to storage of personal data. Data must be:
* Processed lawfully, fairly, transparent matter.
* Collected for specified and legitimate reason.
* Accurate and kept up to date.
* Kept in a form that permits identification of data for no longer than is necessary.
* Appropriate security of data – protection against unauthorised processing.
What is the Freedom of Information Act 2000
Gives individuals the right to access information held by public bodies.
* Public body must confirm if they hold the information
* Public body must supply data in 20 working days in the format requested.
* It can charge for the provision of the information.
What is NDAs?
Legal contract that binds a party to confidential information.
What will the Proposed RICS Professional Statement on Data Handling and Prevention of Cyercrime state?
- Include best practice and mandatory obligations
- Proposed to address how to capture, store, share data appropriately and securely and will mandate policies such as training for firms and members.
Is breaching GDPR civil or criminal?
criminal