Data Management - Level 2 Flashcards

1
Q

How is data managed and protected in your firm?

A
  1. Secure document storage
  2. Back up of documents
  3. Process for sharing documentation
  4. Formatting and standardisation of reports
2
Q

What is GDPR?

A

The General Data Protection Regulations.

It is a regulation in EU law for protection and privacy in the EU and European Economic Area.
It addresses the transfer of personal data outside the EU and EEA.

3
Q

What does it mean to be GDPR compliant?

A

GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states.
Non-compliance could cost companies dearly.

4
Q

What are the 7 principles of GDPR/key principles of Data Management Act 2018?

A
  1. Lawfulness, fairness and transparency
  2. Purpose limitation
  3. Data minimization
  4. Accuracy
  5. Storage limitation
  6. Integrity and confidentiality
  7. Accountability
5
Q

What things must companies put in place to ensure GDPR compliance?

A
  1. Raise awareness across your business
  2. Audit all personal data
  3. Update your privacy notes
  4. Review your procedures supporting individuals' rights
  5. Identify and document your legal basis for processing personal data under the GDPR
  6. Review how you seek, obtain and record consent
6
Q

How can you ensure data security?

A
  1. disk encryption
  2. regular back ups off site
  3. password protection
  4. anti-virus software
7
Q

What is copyright?

A

Exclusive rights granted to the author or creator of any original work. These rights can be licensed, assigned or transferred.
It is a form of intellectual property.

All copyrighted material used in work must be acknowledged.

8
Q

What is the Data Protection Act 2018?

A

This is the Act that implements GDPR in the UK and relates to the protection of personal data. It came into force on 25th May 2018 and replaced the Data Protection Act 1988.

9
Q

What are the key requirements of the Data Protection Act 2018?

A
  1. Obligation to conduct data protection risk assessment
  2. Rights to individuals to have access to information on what personal data is held and what is erased.
  3. A data controller decides how and why personal data is processed.
  4. NEW REG - ‘data accountability’ ensuring organisations can prove to the ICO (Information Commissioner’s Office) how they comply with the new regulations.
10
Q

What happens if there is a data breach?

A

Inform ICO within 72 hours when there is a loss of personal data and a risk of harm to individuals.

11
Q

What are the 8 Individual rights under GDPR?

A
  1. Right to be informed
  2. Right to access
  3. Right to rectification
  4. Right to erase
  5. Right to restrict processing
  6. Right to data portability
  7. Right to object
  8. Rights to automated decision making and profiling
12
Q

What article of Data Protection Act 2018 relates to storage of personal data?

A

Article 5(1) states that data must be:
1. processed lawfully, fairly and in a transparent manner
2. collected for specified purposes
3. hold only what is adequate and necessary for the required purposes
4.

13
Q

What does Article 5(2) of Data Protection Act 2018 state?

A

“the controller shall be responsible for, and be able to demonstrate, compliance with regulations.”

14
Q

What is the Freedom of Information Act 2000?

A

Gives individuals the right to access information held by public bodies. Must be supplied in 20 working days.
Exceptions:
1. if contrary to GDPR requirements
2. it would prejudice a criminal matter under investigation
3. it would prejudice a person's/organisation's commercial interest

15
Q

What is a Non-Disclosure Agreement?

A

A contract by which one or more parties agree not to disclose confidential information that they have shared with each other as a necessary part of doing business together. e.g. accounting and financial stability of a company.

16
Q

What is the proposed RICS on cybercrime?

A

RICS Professional Statement ‘Data Handling and Prevention of Cybercrime’.

17
Q

What will the RICS Professional Statement ‘Data Handling and Prevention of Cybercrime’ address?

A
  1. encryption to protect data on portable devices
  2. best practice when using cloud based storage facilities
  3. ensuring appropriate data handling policies are in place in the event of a data breach or malware attack.

This is being put in place to protect a firm from serious reputation damage and financial loss.

18
Q

What is the process for updating your systems with personal data?

A

refer to GDPR principles for accuracy

19
Q

What is a locum agreement?

A

arrangements for if a professional is unavailable

20
Q

What does NBS do to protect information?

A
  1. Internal procedures -
  2. GDPR Officer
  3. Staff Training - understand Data Protection Act 2018.
  4. Data processing - password protected and request permission prior to passing information on.
21
Q

Why do I handle personal data?

A
  1. leaseholders
  2. contractors

22
Q

How do I ensure leaseholders information is kept safe?

A
  1. Password protection
  2. Check email recipients before sending

23
Q

Nationwide Policy on Data

A
  • data must be collected for specified and legitimate purposes and not further processed in a way incompatible with those purposes.
  • keeps all documentation relating to Data Privacy Policy for a minimum of 6 years from the date that it is superseded by a more recent version, in line with the statute of limitations (Limitations Act 1980).
24
Q

What constitutes personal data?

A
  • Any information related to a natural person that can be used to identify the person.
  • name, a photo, an email address, bank details etc
25
Q

What is GDPR?

A

designed to protect personally identifiable information (personal data)

26
Q

Types of data that will be covered by GDPR?

A

Data you hold to service your clients, for example:

Data in your valuation systems,

Data in your compliance systems

Any working papers that support your compliance work which contain personal data

Emails and correspondence since many of these will relate to clients and to their employees and will therefore contain personal data

27
Q

Obligations imposed by GDPR?

A

Must have/know/be able to:

KNOWLEDGE - knowledge of the data you store, its geography, security usage and composition

TYPE - Is it personal, prohibited, client-related or employee-related?

CAPTURE - How is it captured - is it permitted by law and by the client?

USED - provide information on how the data is used and on the rights of individuals regarding their data

MANAGED - demonstrate that you are managing personal data in a manner compliant with the regulations

SUPPLY - be able to supply, on request, the details of the data you hold and how it has been used

DELETE - delete every instance of an individual’s data in compliance with the right to be forgotten (including data held in backups)

28
Q

What is the Data Protection Act 2018?

A

controls how your personal information is used by organisations, businesses or the government.

29
Q

What are the Data Protection Act 2018 data protection principles?

A

They must make sure the information is:

FAIRLY - used fairly, lawfully and transparently

SPECIFIC - used for specified, explicit purposes

LIMITED - used in a way that is adequate, relevant and limited to only what is necessary

ACCURATE - accurate and, where necessary, kept up to date

TIME - kept for no longer than is necessary

SECURE - handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage.

30
Q

What is the Freedom of Information Act?

A

2000

provides individuals or organisations with the right to request information held by a public authority.