Data Management - Level 2

Question 1

How is data managed and protected in your firm?

Answer 1

1. Secure document storage
2. Back up of documents
3. Process for sharing documentation
4. Formatting and standardisation of reports

Question 2

What is GDPR?

Answer 2

The General Data Protection Regulations.

It is a regulation in EU law for protection and privacy in the EU and European Economic Area.
It addresses the transfer of personal data outside the EU and EEA.

Question 3

What does it mean to be GDPR compliant?

Answer 3

GDPR is a regulation that require businesses to protect the personal data and privact of EU citizens for transactions that occur within EU member states.
Non-compliance could cost companies dearly.

Question 4

What are the 7 principles of GDPR/key principles of Data Management Act 2018?

Answer 4

1. Lawfulness, fairness and transparency
2. Purpose limitation
3. Data minimization
4. Accuracy
5. Storage limitation
6. Integrity and confidentiality
7. Accountability

Question 5

What things must companies put in place to ensure GDPR compliance?

Answer 5

1. Raise awareness across your business
2. Audit all personal data
3. Update your privacy notes
4. Review your procedures supporting individuals rights
5. Identify and document your legal basis for processing personal data under he GDPR
6. Review how you seek obtain and record consent

Question 6

How can you ensure data security?

Answer 6

1. disk encryption
2. regular back ups off site
3. password protection
4. anti-virus software

Question 7

What is copyright?

Answer 7

Exclusive rights granted to the author or creator of any original work. These rights can be licensed, assigned or transferred.
It is a form of intellectual property.

All copyrighted material used in work must be acknowledged.

Question 8

What is the Data Protection Act 2018?

Answer 8

This is the Act that implements GDPR in the UK and relates to the protection of personal data. It came into force on 25th May 2018 and replaced the Data Protection Act 1988.

Question 9

What are the key requirements of the Data Protection Act 2018?

Answer 9

1. Obligation to conduct data protection risk assessment
2. Rights to individuals to have access to information on what personal data is held and what is erased.
3. A data controller decides how and why personal data is processed.
4. NEW REG - ‘data accountability’ ensuring organisations can prove to the ICO (Information Commissioner’s Office how they comply with the new regulations.

Question 10

What happens if there is a data breach?

Answer 10

Inform ICO within 72 hours when there is a loss of personal data and and a risk of harm to individuals

Question 11

What are the 8 Individual rights under GDPR?

Answer 11

1. Right to be informed
2. Right to access
3. Right to rectification
4. Right to erase
5. Right to restrict processing
6. Right to data portability
7. Right to object
8. Rights to automated decision making and profiling

Question 12

What article of Data Protection Act 2018 relates to storage of personal data?

Answer 12

Article 5(1) states that data must be;
1. processed lawfully, fairly and in a transparent manner
2. collected for specified purposes
3. hold only what is adequate and necessary for the required purposes
4.

Question 13

What does Article 5(2) of Data Protection Act 2018 state?

Answer 13

“the controller shall be responsible for, and be able to demonstrate, compliance with regulations.”

Question 14

What is the Freedom of Information Act 2000?

Answer 14

gives individuals the right to access information held by public bodies. Must be supplied in 20 working days.
Exceptions;
1. if contrary to GDPR requirements
2. it would prejudice a criminal matter under investigation
3. it would prejudice a persons/organisations commercial interest

Question 15

What is a Non-Disclosure Agreement?

Answer 15

A contract by which one or more parties agree not to disclose confidential information that they have shared with each other as a necessary part of doing business together. e.g. accounting and financial stability of a company.

Question 16

What is the proposed RICS on cybercrime?

Answer 16

RICS Professional Statement ‘Data Handling and Prevention of Cybercrime’.

Question 17

What will the RICS Professional Statement ‘Data Handling and Prevention of Cybercrime’. address?

Answer 17

1. encryption of protect data on portable devices
2. best practice when using cloud based storage facilities
3. ensuring appropriate data handling policies are in place in the event of a data breach or malware attached.

This is being put in place to protect a firm from serious reputation damage and financial loss.

Question 18

What is the process for updating your systems with personal data?

Answer 18

refer to GDPR principles for accuracy

Question 19

What is a locum agreement?

Answer 19

arrangements for if a professional is unavailable

Question 20

What does NBS do to protect information?

Answer 20

1. Internal procedures -
2. GDPR Officer
3. Staff Training - understand Data Protection Act 2018.
4. Data processing - password protected and request permission prior to passing information on.

Question 21

Why do I handle personal data?

Answer 21

1. leaseholders

2. contractors

Question 22

How do I ensure leaseholders information is kept safe?

Answer 22

1. Password protection

2. Check email recipients before sending

Question 23

Nationwide Policy on Data

Answer 23

• data must be collected for specified and legitimate purposes and not further processed in a way incompatible with those purposes.
• keeps all documentation relating to Data Privacy Policy for a minimum of 6 years from the date that it is superseded by a more recent version, in line with the statute of limitations (Limitations Act 1980).

Question 24

What constitutes personal data?

Answer 24

• Any information related to a natural person that can be used to identify the person. ​
• name, a photo, an email address, bank details etc

Question 25

What is GDPR?

Answer 25

designed to protect personally identifiable information (personal data)

Question 26

Types data that will be covered by GDPR?

Answer 26

Data you hold to service your clients, for example: ​

Data in your valuation systems,​

Data in your compliance systems

Any working papers that support your compliance work which contain personal data​

Emails and correspondence since many of these will relate to clients and to their employees and will therefore contain personal data

Question 27

Obligations imposed by GDPR?

Answer 27

Must have/know/be able to:

KNOWLEDGE - knowledge of the data you store, its geography, security usage and composition ​

TYPE - Is it personal, prohibited, client-related or employee-related? ​

CAPTURE - How is it captured - is it permitted by law and by the client? ​

USED - provide information on how the data is used and on the rights of individuals regarding their data ​

MANAGED - demonstrate that you are managing personal data in a manner compliant with the regulations

SUPPLY- be able to supply, on request, the details of the data you hold and how it has been used ​

DELET - delete every instance of an individual’s data in compliance with the right to be forgotten (including data held in backups) ​

Question 28

What is the data protection Act 2018?

Answer 28

controls how your personal information is used by organisations, businesses or the government.

Question 29

What the Data Protection Act 2018 data protection principles?

Answer 29

They must make sure the information is:​

FAIRLY - used fairly, lawfully and transparently​

SPECIFIC - used for specified, explicit purposes​

LIMITED - used in a way that is adequate, relevant and limited to only what is necessary​

ACCURATE - accurate and, where necessary, kept up to date​

TIME -kept for no longer than is necessary​

SECURE - handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage.

Question 30

What is the Freedom of Information Act?

Answer 30

2000

provides individuals or organisations with the right to request information held by a public authority.