Data Management (Level 3) - SOE Specific Flashcards
What key law are you aware of in relation to Data Management?
Data Protection Act (2018)
What does the Data Protection Act (2018) apply to?
The UK.
What is the purpose of the Data Protection Act (2018)?
It is the UK’s implementation of the General Data Protection Regulation (GDP) and includes provisions specific to the UK.
It governs how personal data should be processed in order to protect the privacy rights of individuals.
How does the DPA 2018 align to regulation or GDPR?
1) The DPA 2018 incorporates the GDPR into UK Law, ensuring data protection rules align with the EU-wide regulation.
2) It provides a framework for processing personal data in the UK, consistent with GDPR standards.
What types of data is covered within the DPA 2018?
Personal data = Information that can identify an individual directly or indirectly
Sensitive Personal Data (Special Category Data) = Includes data about racial or ethnic origin, political opinions, religious beliefs, health, sexual orientation, genetic data, and biometric data.
What principles of Data Processing are you aware of that are outlined within GPA 2018?
- Lawfulness, Fairness and transparency
- Purpose Limitation
- Data Minimization
- Accuracy
- Storage Limitation
- Integrity and Confidentiality
What rights do data subjects have under the DPA 2018?
- Right to be informed
- Right of Access
- Right to Rectification
- Right to Erasure (“Right to be Forgotten”)
- Right to Restrict Processing
- Right to Data Portability
- Right to Object
- Rights Related to Automated Decision Making and Profiling
What is the importance and impact of the DPA 2018?
- The DPA 2018 is crucial for safeguarding individuals’ privacy rights and ensuring that personal data is handled responsibly and securely.
- It impacts all organizations that process personal data in the UK, requiring them to review and update their data protection practices regularly to ensure compliance.
What is the basis of the General Data Protection Regulations?
- The General Data Protection Regulations (GDPR) is a comprehensive data protection law that came into effect on May 25th 2018.
- It applies to all European Union (EU) member states and aims to give individuals greater control over their personal data while imposing strict rules on organizations that process data.
What are the Key Principles of GDPR?
- Lawfulness, Fairness, and - Transparency
- Purpose Limitation
- Data Minimization
- Accuracy
- Storage Limitation
- Integrity and Confidentiality
- Accountability
Examples of personal data under GDPR that could apply to property companies?
Investor information, employee information, marketing, tenant, client information.
To what organisations does GDPR apply?
All organisations of more that 250 employees
Talk me through your role in the sale at Wey Retail Park?
Situation=
- Played a key role in the sale of a retail park in West Byfleet, through helping answer CPSE’s as part of the Buyers due diligence
Action =
- Liaising with my client’s solicitors to compile a list of key documents required to make sure records were complete and accurate.
Advice =
-I advised that this information should not just be issued over, but a secure data room which was password protected should be set up to ensure GDPR compliance.
Result =
- I did this and the log in details were provided to the clients solicitors.
Talk me through what occurred at Phoenix Retail Park?
Situation =
- Anti-social behavior and fly-tipping repeatedly occurred at site
Action =
-I liaised with the FM to reflect on security measures that could be undergone to ensure this was dealt with appropriately, and CCTV was determined as the most cost-efficient measure.
Advice =
- I advised that as we were proceeding with CCTV, and this would involve storing peoples personal data, we needed to ensure that GDPR was complied with.
- Therefore I touched base with the CCTV provider and ensured that the system had access-controls and storage protocols were in place for the recorded footage.
- Additionally, I informed the tenants of the systems implementation and signage was placed around the site to inform visitors of the CCTV’s operation.