Data Management - Summary of Experience

Question 1

What is GDPR

Answer 1

EU General Data Protection Regulations 2016

Question 2

What is the data protection act?

Answer 2

Data Protection Act 2018
- UKs application of GDPR

Question 3

When was DPA and GDPR introduced

Answer 3

May 2018

Question 4

Why was DPA 2018 introduced?

Answer 4

1998 Act introduced to cover modern data and technology
2018 Act to incorporate GDPR legislation

Question 5

What are the principles of GDPR and DPA 2018

Answer 5

• Information used lawfully, fairly and transparently
• Information collected for specified, explicit and legitimate purposed
• Information is adequate, relevant and limited to necessity
• Information is accurate and kept up to date
• Information is kept no longer than necessary
• Information is kept safe

Question 6

What are tje individual rights under GDPR and DPA 2018?

Answer 6

• To be informed
• To access
• To rectification
• To reasure
• To restrict processing
• To data portability
• To object
• To automated decision making and profiling

Question 7

What are tje individual rights under GDPR and DPA 2018?

Answer 7

• To be informed
• To access
• To rectification
• To reasure
• To restrict processing
• To data portability
• To object
• To automated decision making and profiling

Question 8

What is the purpose of GDPR and DPA 2018?

Answer 8

To protect citizens data

Question 9

What are the penalties under GDPR and DPA 2018?

Answer 9

Fines
- 4& annual gloabl turnover or 20 million euros

Question 10

What constitutes personal data?

Answer 10

Information relating to a person to identify that person
e.g names, photo, email, bank details, IP address

Question 11

Give some examples of personal data and how they apply to property companies

Answer 11

• Data relating to investors
• Data relating to fund managers / Clients
• Valuations
• Compliance
• Bookkeeping payroll
• Background checks
• HR
• Tenant information

Question 12

What organisations are exempt from GDPR

Answer 12

• Exceptions for organisations with fewer than 250 employees
• Private individuals not engaged in business activities

Question 13

What is your firms data protection policy?

Answer 13

• Follow legislation
• Suspected breaches should be reported to the individual line managers or firms data protection officer

Question 14

How do you apply your firms data protection policy?

Answer 14

• I ensure i have an understanding of sensitive and protected data
• I don’t send sensitive or preotected data unless it is to the individual
• Anonymise information where possible
• I report suspected breaches

Question 15

Who regulates GDPR in the UK?

Answer 15

The Information Commissioners Office

Question 16

What are the obligations imposed by GDPR

Answer 16

• MUST have knowledge of the data you store and process (including its location and security)
• MUST be able to delee every instance of individuals data
• MUST demonstrated compliance in managing data
• MUST be able to prove how information is being used
• MUST offer data portability

Question 17

What are the RICS best practice guideance points for GDPR compliance?

Answer 17

• COnduct data reviews to understand risks
• Anonymise data where possible
• Encrypt where possible
• Create breach policy response
• Treat commercial data as personal data
• Understand data processes

Question 18

How do you comply with GDPR in your role?

Answer 18

• Do not give out confidential or personal information
• Report suspected breaches
• Understand what information we hold that is protected
• Anonymise data where possible
• Upload to password and security protected data rooms
• Keep records of consent for processing, storing and retaining data

Question 19

Give me an example of how you prcoess and handle confidential information?

Answer 19

• Use document systems to add, amend and remove information
• Upload files to secure data room
• Anonymise information
• Password protection to access files

Question 20

What is encryption?

Answer 20

Mathematical function that encodes data in such a way that only authorised users can access it

Question 21

What is a firewall?

Answer 21

Network security system that monitors and controls incoming and outgoing network traffic, based on predetermined security rules

Question 22

What should be included in a firms privacy notice?

Answer 22

• What information you have
• What information will be used for
• Which third parties you may share information with
• How long information is being kept for
• What legal right the firm has

Question 23

Explain your use of Tramps and Horizon

Answer 23

• Systems used to manage tenant information and accounting information, such as invoices, rent received etc
• Tenant contact information and Client information also stored
• Password protected

Question 24

Explain your use of Sharepoint and vRoom

Answer 24

Document management systems that store legal documents such as title information, leases, licences
- Password protected

Question 25

Explain your use of data input forms

Answer 25

When information requires amending or uploading, data input form is used to submit to the system

Question 26

How do you ensure accuracy of information on data management systems

Answer 26

Chekck against original documents such as lease

Question 27

How do you review arrears?

Answer 27

Through TRAMPS / Horizon -> able to see tenant payment / financial history

• monies received are allocated by credit controllers and this is reflected on TRAMPS / horizon

Question 28

How do you review SC expenditure

Answer 28

Run a SC expenditure report on TRAMPS / Horizon

Question 29

How do you review leases

Answer 29

Sharepoint / vRoom -> any missing information, liaise with solicitors and have the relevant documents securely uploaded

Question 30

Explain Workmans EFS

Answer 30

Electronic Filing System -> secure system where information is stored
i.e Budgets, reconciliation, service contracts, contruction info

Question 31

What reports do you run in your role?

Answer 31

• Arrears reports
• Transaction listing
• Expenditure reports
• Dilapidation reports

Question 32

Explain how you monitor compliance on Meridian and QUOODA

Answer 32

• Linked to my email, so i get notifed daily when action or document is non-compliant
• Get notified when document or action is becoming overdue
• Update comments weekly on current status of documents and actions