Data management / Property records/information systems

Question 1

What is the Data Protection Act 2018?

Answer 1

• UK’s implementation of the General Data Protection Regulation 2016 (GDPR)
• Complete data protect system – as well as governing personal data covered by GDPR, it covers all other general data as previously covered by the 1998 Act

Question 2

What is GDPR?

Answer 2

• General data protection regulation
• Relates to personal data
• Aims to create a single data protection regime for anyone doing business in the EU and to empower individuals to take control of how their data is used by third parties
• Gives people stronger rights to be informed about how their personal information is used

Question 3

When did GDPR come into force?

Answer 3

25th May 2018

Question 4

What are the key requirements under GDPR?

Answer 4

• Obligation to conduction data protection impact assessments for high risk holding of data
• New rights for individuals to have access to information on what personal data is held and to have it erased
• A data controller decides how and why personal data is processed and is directly responsible for GDPR
• ‘Data accountability’ ensuring that organisations can prove to the Information Commissioners Office (ICO) how they comply with the new regulations

Question 5

What happens if you breach GDPR? What is the penalty?

Answer 5

• Data security breaches need to be reported to Information Commissioners Office (ICO) within 72 hours where there is a loss of personal data and a risk of harm to individuals
• An increase in fines up to 4% global turnover of the company or €20m (whichever is the greater)
• Policed by the ICO

Question 6

What does Article 5(1) of GDPR state in relation to the processing of data?

Answer 6

Data must be processed lawfully, fairly and in a transparent manner in relation to individuals

Question 7

What does Article 5(1) of GDPR state in relation to the collection of data?

Answer 7

Data must be collected or specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes

Question 8

What does Article 5(1) of GDPR state in relation to the relevance of data?

Answer 8

Data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed

Question 9

What does Article 5(1) of GDPR state in relation to the accuracy of data?

Answer 9

Data must be accurate and, where necessary kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purpose for which they are processed, are erased or rectified without delay

Question 10

What does Article 5(1) of GDPR state in relation to the form which data is kept in?

Answer 10

Data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed

Question 11

What does Article 5(1) of GDPR state in relation to the the processing of data?

Answer 11

Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisation measures

Question 12

Who does Article 5(2) of GDPR state is responsible for the compliance with the principles outlined in Article 5(1)?

Answer 12

The data controller shall be responsible for, and be able to demonstrate compliance with the principles

Question 13

What are the 8 individual Rights under GDPR?

Answer 13

AIRER POA:

1. Right of access
2. Right to be informed
3. Right to rectification
4. Right to erasure
5. Right to restrict processing
6. Right to data portability (to use for their own purposes)
7. Right to object
8. Rights to automated decision making and profiling (as undertaken by insurance companies

Question 14

How has your firm changed their data management practices to comply with GDPR?

Answer 14

• Conducted data protection impact assessments i.e. evaluated risks associated with holding information about individuals
• Ensure data accountability through the appointment of a named data controller
• Contacted individuals who were on distribution lists to confirm that they wanted to be contacted
• Trained staff
• Ensured correct firewalls were in place to ensure appropriate security of personal data

Question 15

Under GDPR, would you be able to transfer personal data you hold outside of the UK?

Answer 15

GDPR restricts transfers of personal data outside the European Economic Area (EEA), unless the rights of the individuals personal data is protected in another way

Question 16

Who has received the largest fine under GDPR?

Answer 16

British Airways received a £183m fine in 2019 after hackers stole the personal data (including login, payment card, name, address and travel booking information) from 500,000 customers

Question 17

What is the Freedom of Information Act 2000?

Answer 17

Gives individuals the right of access to information held by public bodies

Question 18

What does the Freedom of Information Act 2000 require of public bodies?

Answer 18

• Public body must tell any individual requesting sight of information whether it holds it
• Normally the public body is required to supply it in 20 working days in the format requested
• It can charge for the provision of the information

Question 19

What are the exemptions from the Freedom of Information Act 2000?

Answer 19

• Contrary to the GDPR requirements
• It would prejudice a criminal matter under investigation
• It would prejudice a person’s/organisation’s commercial interest

Question 20

What are the elements of a Non-Disclosure Agreement (NDA)?

Answer 20

• Identification of the parties
• Definition of what is deemed to be confidential
• Scope of the confidentiality obligation by the receiving party
• The exclusions from confidential treatment
• The length of term of the agreement

Question 21

What are automated valuation models (AVMs)?

Answer 21

• Software systems which can provide property valuations using mathematical modelling combined with a database
• They are most used for residential property

Question 22

What are the advantages of using AVMs?

Answer 22

• Able to consider a larger number of data points than a traditional valuation approach
• Saves time, money and resources
• Removes any human bias or subjectivity
• Useful for assessing the value of a property portfolio

Question 23

What are the disadvantages of using AVMs?

Answer 23

• Do not take into account property condition (valuation assumes an average condition as an inspection does not occur)
• Does not take into account nuanced factors such as the view or level of street noise
• Use transactional data which may lag the actual market i.e. cannot include evidence from properties which might be under offer

Question 24

What do you understand by the term security of data?

Answer 24

Means ensuring that data is kept safe from corruption and that access to it is suitably controlled to ensure privacy and protection

Question 25

How can security of data be improved?

Answer 25

• Disk encryption - encrypting data on a secure hard disk drive
• Regular back ups off site
• Password protection
• Use of anti-virus software protection
• Firewalls and disaster recovery procedures

Question 26

What does copyright mean?

Answer 26

• A set of exclusive rights granted to the author or creator of any original work, including the right to copy
• These rights can be licensed, assigned or transferred
• Form of intellectual property

Question 27

What does Crown Copyright cover?

Answer 27

All materials created and prepared by the Government, such as laws, public records, official press releases and OS mapping

Question 28

What is a deed?

Answer 28

A legal document made under seal

Question 29

How can you prove ownership of land which is not registered with the Land Registry?

Answer 29

The Deeds will set out information about the ownership and details of a property

Question 30

What do the Land Registry provide upon request and payment?

Answer 30

Copy of the official Title Register for registered property or land in the UK

Question 31

What does Title indemnity insurance cover?

Answer 31

• Protects a party for any claim arising from the title of a property e.g. title defects, restrictive covenants and easements
• Paid as a one-off premium

Question 32

What are restrictive covenants?

Answer 32

• Agreement to restrict the use of land in some way for the benefit of other land users
• They are enforceable by successors as they run with the land

Question 33

How can a restrictive covenant be removed?

Answer 33

Make an application to the Upper Tribunal (Lands Chamber) but the grounds for discharge are very strict

Question 34

What are MSCI Real Estate indices?

Answer 34

• Indices which provide investment performance statistics for owners and investors / fund management

Question 35

What do MSCI Real Estate indices aim to provide?

Answer 35

• Independent benchmarks and market data
• Provide real estate performance analysis, market indices and research regarding property investment performance and risk to the real estate world

Question 36

How do the MSCI produce their Real Estate indices?

Answer 36

Draw on up-to-date valuations of selected UK properties

Question 37

What are the RICS Data Standards, 2018?

Answer 37

• Set of standards to support the capture, verification and sharing of data in a common format
• They address issues of digital data consistency

Question 38

What data are the RICS Data Standards, 2018 already available for?

Answer 38

• International Property Measurement Standards (IPMS)

* International Construction Measurement Standards (ICMS)

Question 39

What additional data are the RICS Data Standards, 2018 going to be made available for?

Answer 39

• International Valuation Standards (IVS)

* International Land Measurement Standard (ILMS)

Question 40

As a result of our eventual departure from the European Union, will GDPR still apply in the UK?

Answer 40

Government has been consistent in saying that it will still adopt all of the provisions of GDPR. Most of them have already be written into UK law through the Data Protection Act 2018

Question 41

What does the colour coding on Title Plans represent?

Answer 41

• Red Line – boundary of registered land
• Green Line – boundary of land removed from title
• Green Shading – land excluded from the title but within area
• Blue shading – right of way on registered land for use by other land
• Orange shading – right of way on other land for use by registered land

Question 42

What are your Quality Assurance procedures relating to the creation of valuation reports?

Answer 42

• Operate a file checklist approach to ensure that all valuers are working to the same standard
• The checklist includes: conflict of interest check, terms of engagement, liability caps, due diligence, comparables, methodology, peer reviews, report sign-off
• Reports are peer reviewed and counter-signed by another valuer

Question 43

What is included in a Land Registry title register?

Answer 43

• A: Property register - description of the property, tenure, the date the property was first registered and any rights it may benefit from e.g. private right of way
• B: Proprietorship register - name and address of the current owner, when they bought the property, how much was paid for it (if sold since 1 April 2000), any restrictions that limit the power of the owner and the class of the title
• C: Charges register - mortgages and other financial burdens received on the property. Other rights or interest that limit how the land or property can be used e.g. leases, rights of way or covenants

Question 44

What is a SAR?

Answer 44

• Subject access request

* Gives individuals rights to request any ‘personal data’ held on them. This right is a principle of GDPR

Question 45

What is “personal data” as defined by GDPR?

Answer 45

Personal data are any information which are related to an identified or identifiable natural person e.g. the telephone number, email address

Question 46

What professional statement is the RICS planning on releasing relating to the encryption of data and use of cloud-based storage facilities?

Answer 46

Data Handling and Prevention of Cybercrime, 2020

Question 47

What will be contained in the professional statement on Data Handling and Prevention of Cybercrime , 2020?

Answer 47

• Best practice and 24 mandatory obligations
• Advise on matters such as encryption to protect data on portable devices, best practice when using cloud-based storage facilities (e.g. Dropbox, OneDrive and Google Drive) and ensure appropriate data handling policies are in place in the event of a data breach or malware attack
• It will sit behind the legal requirements of the Data Protection Act 2018 in the UK

Question 48

What should you do when transferring personal data outside of the European Economic Area (EEA) in order to act in accordance with GDPR?

Answer 48

• Confirm whether the restricted transfer is covered by an “adequacy decision” i.e. the data protection framework is robust enough in that region
• If not it can be covered by an ‘appropriate safeguard’ or ‘exception’
• Ensure all data is encrypted