Data Management Q's

Question 1

What is GDPR? 

Answer 1

• law designed to protect peoples personal data and privacy
• Sets out rules on how governments, companies and organisations can collect, store and use personal information

Question 2

When did GDPR come into effect?

Answer 2

25th May 2018 - same day is data Protection Act
(Incorporated as part of new EU GDPR legislation)

Question 3

Who regulates GDPR in the UK? 

Answer 3

Information Commissioners Office (ICO)

Question 4

Key persons outlined in GDPR?

Answer 4

Controller - decides how and why personal data is used
Processor - Handles personal data on behalf of controller
Data officer - Oversees data protection and ensures compliance with rules

Question 5

What is the purpose of GDPR? 

Answer 5

Protect citizens information

Question 6

What constitutes personal data?

Answer 6

Information that is used to identify a person or data subject e.g photos, names, email address

Question 7

Examples of personal data under GDPR that could apply to property companies? 

Answer 7

Data relating;
- Background checks by HR
- Investors
- Fund managers
- Valuations
- Compliance

Question 8

What Act implemented GDPR in the UK?

Answer 8

• Data protection Act 2018 - implemented GDPR
• Replaced 1998 Data Protection Act 1998

Question 9

What are the 7 principles of Data Protection Act 2018? (AKA 7 principles of GDPR)  LAAPSID

Answer 9

1. Lawfulness, transparency & fairness
2. Accountability
3. Accuracy
4. Purpose Limitation
5. Storage Limitation
6. Integrity & Confidentiality
7. Data minimisation

Question 10

8 individual rights under GDPR?  (IARERDOA)

Answer 10

1. Right to be informed
2. Right of Access
3. Right to Rectfication
4. Right to Forgotten
5. Right to Restriction Processing
6. Right to Data Portability
7. Right to Object
8. Rights related to Automated Decision making and Profiling

Question 11

To what organisations does GDPR apply? 

Answer 11

Any and all businesses and organisations responsible for holding data in the EU

Question 12

What are penalties for GDPR breaches? 

Answer 12

• Fines of up to 17.5m
• 4% of worldwide turnover

Question 13

What is the ‘right to access’ under GDPR? 

Answer 13

• Right obtain whether their personal data is being processed
• Access to their own personal data that is being held

Question 14

What is a breach notification under GDPR? 

Answer 14

• Formal requirement for organisations (and their data controllers) to notify inform authorities and in some cases individuals if teh breach is likely to risk their rights and freedom
• Need to report 72 hours after becoming aware

Question 15

How are data breaches typically discovered? 

Answer 15

• Automated security systems
• Internal audits
• Lost equipment

Question 16

How have consent conditions been strengthened under GDPR?

Answer 16

• Consent must given in plain and clear language (best practice to get thsi in writing)
• Ability to withdraw consent at any time

Question 17

What is ‘right to be forgotten’ under GDPR?

Answer 17

• Under article 17 individuals have right to have personal data erased in certain circumstances 
• I.e. if they no longer are employed by a firm

Question 18

What is data portability? 

Answer 18

Right to obtain and reuse personal data across different services or distributed to a new controller

Question 19

What is privacy by design? 

Answer 19

• Legal requirement of GDPR
• data protection from onset in designing systems rather than as addition later on

Question 20

What is data protection officer? 

Answer 20

• They are responsible for monitoring internal compliance and obligations for data protection
• Only required by entities involved in large-scale processing of personal data

Question 21

Examples of data held by surveying practices?  

Answer 21

• Data to serve clients (accounting info, compliance)
• Lease documents
• Emails and other correspondence

Question 22

What are obligations imposed by GDPR?

Answer 22

• Must be knowledgeable about the data you store (location, security)
• Must be able to be deleted at any time
• Individuals can request to see all their personal data held
• Must demonstrate compliance in data handling
• Must offer data portability
• Must be able to prove how information is being used

Question 23

RICS best practice points for complying with GDPR? 

Answer 23

• Conduct data review
• Anonymise and encrypt data where possible
• Understand data processing
• Treat commercial data in the same as you would treat personal data although it is not covered by GDPR

Question 24

What are your company’s policies for data protection breaches? 

Answer 24

• Report to line manager or data protection officer in firm
• Email GDPR group at Workman

Question 25

RICS recommendations for using confidential information? 

Answer 25

• Keep secure record of consent for data processing
• Maintain confidentiality of information without explicit permission from party
• Check if you have appropriate contractual clauses to use information

Question 26

What information should be included in firms privacy notice? 

Answer 26

• What information you hold
• How will it be used
• How long it will be held for
• Which third parties it will be shared with
• Legal rights

Question 27

What is SAR? 

Answer 27

• Subject Access Request
• Demand that an individual be given all information a company holds under GDPR

Question 28

What was the Freedom of Information Act 2000? 

Answer 28

• Allows individual to request all personal information held by public body
• Must be done in 20 days
• Can charge for this

Question 29

What are the provisions of the Land Registry Act (2002)?

Answer 29

• Provides complete and accurate reflection on state of title of land at any given time
• Aim for all land in England and Wales to have a title before 2030

Question 30

What is required for a Land Registry Compliant Plan? (think of plan in case study)

Answer 30

• Demised Red Line
• North arrow
• Scale
• Drawn to scale of 1:100 or 1:200
• Location of property drawn to scale of 1:1250
• Measurement bar

Question 31

What is the difference between a deed and a registered title?

Answer 31

• Deed - physical record of ownership declaring person’s legal ownership
• Registered Title - ownership recorded in land registry
• Land Registry Act 2002 states registered title is conclusive

Question 32

Are electronic signatures accepted by the Land Registry?

Answer 32

Yes, witnessed electronic signatures are accepted from July 2020

Question 33

Disadvantages of the systems you use? 

Answer 33

• Rely on others for data input - human error
• External system - firm not in control of security

Question 34

How did it tighten up the former DPA 1998? 

Answer 34

• Customers greater control over data
• Firms over 250 need a designated DPO
• Fines
• Introduction of breach notification

Question 35

How do you comply with GDPR in your role? 

Answer 35

• I report suspected breaches
• I dont share confidential or personal information
• I keep consent for data processing

Question 36

Give me an example of how you process and handle confidential information. 

Answer 36

• When sending information to solicitors I ensure files are uploaded to a secure data room
• Change password for management systems and computer login every month
• Anonymise employee liability for TUPE

Question 37

What does encryption mean?

Answer 37

• Mathematical encoding of data that only authorised users can access

Question 38

What is a fire wall?

Answer 38

• Network security system that monitors and controls network traffic based on predetermined security rules

Question 39

Tell me about how you extract data from a source regularly used in your role?

Answer 39

• Extract data from leases, which is then put into data input forms, sent to my line manager to approve and then inputted by the data input team to appear on management systems

Question 40

Can you tell me about the retention of files and the Limitations Act 1980?

Answer 40

• Section 5 states legal action must be brought about within six years of issues arising
• Requires businesses to keep documents on file 6 years after tehy expire

Question 41

Give me an example of how you ensure that data is kept securely. 

Answer 41

• Access is restricted to users by password
• Firewalls but in place by IT team to stop hacking
• Appropriate training undertaken to understand processes

Question 42

What is copyright? 

Answer 42

• Legal right given to the creator of original works exclusive control over use of their creations for a certain period of time.
• In property; marketing material & intellectual property

Question 43

What is an AVM?

Answer 43

• Automated Valuation Model
• mathematical/statistical modelling with databases of existing properties and transactions to calculate real estate values
• Used by lenders and banks, developers, agents and brokers
  Pro - speed & cost-effective
  Con - Human expertise required to interpret AVM outputs

Question 44

Does RICS provide any guidance on AVM?

Answer 44

• RICS Roadmap: Automated Valuation Modelling 2021
• Outlines strategic direction and implementation of AVM in valuation
• Outlines best practice for AVM -> importance of balancing information with standards and ethical practices

Question 45

Explain the growing use of AVMs in the industry?

Answer 45

• Has merit in science of valuation with growing availability of data
• Speed, cost-effective, potential to reduce litigation

Question 46

What is an Electronic Document Management System?

Answer 46

• Software that stores, organises and manages documents
• Sharepoint

Question 47

How do you ensure GDPR compliance and security in the office?

Answer 47

• Clear desk policy
• Use shredder for disposal of docs with confidential information
• Lock screen
• Password protect
• External back up drive

Question 48

How do you monitor compliance on QUOODA/riskwise?

Answer 48

• Linked to email so get a notification when essential compliance document is nearing expiry/overdue
• Quarterly audits of system to identify discrepancy

Question 49

How do you apply your firms data protection policy?

Answer 49

• I report suspected breaches
• Anonymise data where possible
• Dont share confidential info
• Keep consent for data processing

Question 50

How to ensure data accuracy? 

Answer 50

• Double check against docs
• Checked by line manger
• Data audits

Question 51

What are CPSEs?

Answer 51

Commercial Property Standards Enquiries

Question 52

If a tenant would like to access CCTV footage, what is required? 

Answer 52

• Subject Access Request (SAR) - only my police & insurers
• Liaise with DPO on what can be given

Question 53

How do you store confidential data in your office? 

Answer 53

• Using password protected devices which require dual authentication for access
• Anonymise all personal data (use property codes for files rather than names)

Question 54

What would you do if you realised that you had received confidential data in an email, from another surveyor, which you should not have seen? 

Answer 54

• Cannot use information
• Report to DPO & Compliance officer
• Advise client/sender of error
• Dispose securely of information

Question 55

How do you ensure the data on the systems you use is accurate?  

Answer 55

• Data is cross-checked by multiple parties
• Internal and external systems get audited
• Prelist get raised and required to be approve by PM

Question 56

Benefits of cloud based storage systems?

Answer 56

• Access from multiple users at one time
• Info backed up on securely encrypted servers
• Environmentally friendly and cheaper

Question 57

What is a Non-disclosure agreement - NDA ?

Answer 57

• Used to protect against or sharing any confidential data
• NDA in property sales

Question 58

If two separate department within your firm were working for two rival companies how would you ensure client sensitive data was managed?

Answer 58

• make client aware of risks
• COI check
• Seek letter of instruction that both parties are happy for you to continue
• Implement information barrier

Question 59

What things must companies put in place to ensure GDPR compliance?

Answer 59

• Raising awareness - through mandatory training courses
• Audit all personal data
• Update privacy policy - to explain how data is processed
• Appoint DPO if over 250
• Data breach response plan

Question 60

How have you advised client on DM?

Answer 60

Recognised MEES coming to force old managing agents didn’t have a tracker for EPC

Question 61

Horizon & Tramps limitations

Answer 61

• 3rd party we dont have control of the security
• Human error in data input
• Training not user friendly

Question 62

What are exemptions to Data Protection Act 2018 ?

Answer 62

• National Security
• Law Enforcement
• Public health

Question 63

What does block chain mean?

Answer 63

• Decentralised digital ledger
• Can facilitate data sharing, streamline collection on rental collections and payments to landlords

Question 64

What is BIM and how can it be used?

Answer 64

• Building information modelling - creates 3D representations of buildings
• Help with design visualisation of stakeholders
• Aids cost management
• Used by our building surveyors in refurbishments of properties

Question 64

What is an index map?

Answer 64

• Provides all information on all land that is registered or being registered on HM Land Registry

Question 65

How do you source title information?

Answer 65

• Land registry
• Title searches

Question 65

What is Intellectual Property and can it be transferred?

Answer 65

• IP encompasses creations like patents, copyrights, trademarks and trade secrets.
• Yes can be transferred