Data Management level 1 Flashcards
Why is it important to verify and analyse data to provide good advice?
Need to consider the reliability of data, and without verification of data sources you cannot guarantee accuracy, and therefore may be providing inaccurate advice
What databases and systems have you used?
Microsoft Excel
Salesforce
What online databases have you used?
EGI
Edozo
What are other sources of information in addition to online databases?
- Speaking to local agents
- Physical evidence and documentation (although usually dated)
- Marketing boards
- In house trackers
What is the importance of handling/storing data with sensitivity?
In order to comply with UK GDPR, as well as the RICS RoC and bylaws of confidentiality
What are the key concepts of the Data Protection Act (2018)? What other acts may you consider?
Aimed to supplement UKGDPR (2016) relating to storing and processing personal data. Which conatin the 7 principals
Other acts-
* UKGDPR (2016)
* Freedom of Information Act (2000)
What are the 7 principles of GDPR?
- Lawfulness, fairness and transparency
- Purpose limitation
Controller must specify the purposes for processing data when it is collecte - Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality
- Accountability
- (EU ONLY NOT UKGDPR) Not to be transferred outside the EU Economic Zone
What are the first 4 individual rights of GDPR?
- Right to be informed
- Right of access
- Right of rectification
- Right to erasure
Are there any exemptions to complying with the Data Protection Act?
If it would prejudice a criminal matter under investigation
What are the penalties of non-compliance?
4% of global turnover or £17.5m
How does a password protected data site ensure GDPR is adhered to?
It ensured data is processed as per the principles of GDPR
* Confidentiality (security of data)
* Data minimised and purpose limited to this use only
What is copy right? Can it be transferred?
- Set of rights that is granted to the creator of original work.
- Form of intellectual property
- Can be transferred, licensed or assigned.
What is data triangulation?
When considering reliability of data and risks, where possible, verify data against alternative source through ‘triangulation’.
Who enforces GDPR? Say there is a breach of data, who enforces GDPR?
ICO – Information Commissioners Office
What enforcing powers do the ICO have?
- Conduct audit checks to check you are complying with obligations
- Serve an Enforcement Notice order if there has been a breach
- fines
- Prosecute you if you fail to comply with Enforcement Notices
- Report to Parliament on issues of concern.
What actions are undertaken at CBRE to ensure data security?
- Mandatory training
- Phishing security check on emails – IT team verify if email/link is safe.
- Password protected computers – password updated every 3 months
- Email retention
- CBRE File transfer systems
- Firewalls and blocked sites
What is the UK General Data Protection Regulation (2016) and Data Protection Act 2018
- EU GDPR no longer applies in UK and entirely transcribed by UK GDPR.
- UK GDPR is supplemented by Data Protection Act 2018 (this replaces Data Protection Act 1998).
- It gives people right to be informed about how their personal information is used.
What is a Data Controller?
- Decide how and why personal data is processed and is directly responsible for GDPR.
In what timeframe do data breaches need to be reported to ICO?
- 72hrs where there is loss of personal data and risk of harm to individuals.
What does Article 5(1) Principles in UK GDPR state?
Relates to storage of personal data. Data must be:
* Processed lawfully, fairly, transparent matter.
* Collected for specified and legitimate reason.
* Accurate and kept up to date.
* Kept in a form that permits identification of data for no longer than is necessary.
* Appropriate security of data – protection against unauthorised processing.
What is the Freedom of Information Act 2000
Gives individuals the right to access information held by public bodies.
* Public body must confirm if they hold the information
* Public body must supply data in 20 working days in the format requested.
* It can charge for the provision of the information.
What is NDAs?
Legal contract that binds a party to confidential information.
What will the Proposed RICS Professional Statement on Data Handling and Prevention of Cyercrime state?
- Include best practice and mandatory obligations
- Proposed to address how to capture, store, share data appropriately and securely and will mandate policies such as training for firms and members.
Is breaching GDPR civil or criminal?
criminal
Who is Data Protection Officer at CBRE?
- Geraldine Mash – Compliance Director
What information can be found in title documents?
Land registry can supply Title Register to provide the following information:
* Ownership info
* Tenure
* Price paid (if after 2000)
* Title plan
* Restrictive covenant – something that restricts the use of the land
What is the Data Protection Act 2018?
- EU GDPR no longer applies in UK and entirely transcribed by UK GDPR.
- UK GDPR is supplemented by Data Protection Act 2018 (this replaces Data Protection Act 1998).
- It gives people right to be informed about how their personal information is used.
What is UK General Data Protection Regulation?
- It gives people rights to be informed about how their personal information is used
How do you ensure it is considered when handling client’s data and information?
I comply with the principles of UK GDPR.
* Purpose limitation – only used for that purpose
* Data minimisation – only hold required information, nothing more
* Accuracy – updated regularly
* Storage limitation – information safely deleted once no longer required
* Integrity and confidentiality – not shared with any other parties
What is the significance of safeguarding personal data?
- Legal compliance (GDPR)
- Trust – data breaches can erode trust
- Prevent financial loss
- Protection – sensitive data
How do you safeguard personal data?
- Limit access
- Strong authentication
- Regular access reviews
- Data security technologies
What is a firewall?
- A security system that monitors and controls network traffic based on predetermined security rules.
- It acts as a barrier between a trusted networks and untrusted networks
How does a password protected data site ensure GDPR is adhered to?
It ensured data is processed in a manner that ensured appropriate security of the personal data, as per the principles of GDPR
* Confidentiality (security of data)
* Data minimised and purpose limited to this use only
What data did you extract from EG Radius, EPC Register, Edozo Maps and Online Planning Portals?
EG Radius
- Transacted properties (verified through agents)
- Map tool
Information:
- Date of transaction
- Asking and achieved rents
- Agent
- Tenant
EPC Register
- Postcode to determine EPC
Edozo Maps
- Used for site plans in reports
- Building scale – 1:100
- Street/location – 1:1,250
- Location scale – 1:2,5000
Online Portals
- Planning permission
- CIL charges
- Conservation area
Were there any limitations?
EG radius
- Limited information
- Need to check accuracy
EPC
- If expired no way to know the new one
Edozo Maps
- Costly
Online Portals
- Address is different to Planning permission
- Not user friendly
How did you use the information?
EG Radius
- Comparable evidence
- Map tool
EPC
- Valuation reports
- Sustainability
Edozo Maps
- Location/site maps
- Valuation reports
Online planning portals
- Development pipeline
- Correct planning permission
- Development appraisals – Hope value
- CIL charges and S.106 in valuations
Why do you lock your laptop? What other ways can you protect yourself?
- Protect sensitive data
- Prevents breaches
- CBRE compliance
Other ways - Shred any confidential papers
- Lock papers in a locker
- Phishing awareness
- Strong passwords
- Training
What are second 4 individual rights of GDPR?
- Right to restrict processing
- Right to data portability (access and reuse)
- Right to object
- Rights related to automated decision making e.g. profiling
What exemptions are there to providing information as permitted by the Freedom of Information Act 2000
Exemptions are allowed if contrary to GDPR requirements
Example of what is included in an NDA?
- How the person can use the information.
- Ensure copies of any of the data are kept securely.
- To inform the main party if any confidential information becomes disclosed to unauthorised parties.
- Only use the confidential info for the purpose intended.
- Usually includes the term of the agreement, such as 2, 3, 5 years etc.
- Signed by the parties
What data security technologies are you aware of?
- Disk encryption
- Regular backups off site
- Cloud storage
- Password protection and use of anti-virus software
- Firewalls
Easy to remember principles of GDPR
P – Processed Fairly & Lawfully
L – Longer - Not kept Longer than necessary
A – Adequate and not excessive
C – Countries - Not transferred to Countries without the same data security
A – Accurate & up to date
R – Relevant
D – Data subject’s rights
S – Securely - Kept Securely
Easy ways to remember individual rights
R – Restrict processing
E - Erasure
A - Access
D – Data Portability
R – Rectification
A – Automated decision making and reporting
I – Informed
O – Object
Who is new compliance officer
Ryan Correa
If you were unsure about a data concern who would you speak to?
Data Protection officer
compliance officer
