Data Management - Summary of Experience

Question 1

What are the penalties under GDPR and data protection act?

Answer 1

4% of annual turnover or 20m euros (£17.5m)

Question 2

Can you give me an example of a property information tool?

Answer 2

• Horizon

Question 3

What are your KPIs for uploading data?

Answer 3

• 7 days from receipt
• Ensure to keep client informed throughout

Question 4

What is ISO9001?

Answer 4

Sets out requirements for how firms should control data + documents relating to their business

Question 5

What would you do if there was a data breach?

Answer 5

Report to Information Commissioners office within 72 hours - Notify affected individuals without delay

If within company I would report to line manager/data protection officer

Question 6

What is the difference between a deed and a registered title?

Answer 6

Deed = physical document proving legal ownership
Title = concept of giving right to own electronically

Question 7

What is copyright?

Answer 7

Type of intellectual property that protects original works and stops others using it

Question 8

What does block chain mean?

Answer 8

Shared ledger system that facilitates process of recording transactions across a computer network

Question 9

What is SAR?

Answer 9

subject access request
- Individual demands for info a company holds on them

Question 10

What are the obligations under GDPR?

Answer 10

• Need to have knowledge of data held and processed
• Have the ability to delete data every instance of data on subject
• Demonstrate data management compliance
• Prove how data is used
• Prove data portability (allow subject to reuse personal data for own purpose)

Question 11

How can you protect electronic data from viruses?

Answer 11

Antivirus software / firewall / update systems against bugs / strong password

Question 12

What are the differences between manual and electronic records?

Answer 12

• Electronic = stored online on file system and can read multiple at once
• Manual = Physical storage and harder to locate

Question 13

What is the purpose of GDPR and data protection act?

Answer 13

Governs how personal data should be processed + protects rights of individuals

Question 14

Explain the growing use of AVMs in the industry

Answer 14

Automated valuation models
- Speed, cost and removal of human errors
- Issue is that prop isnt inspected and lack of comparable data

Question 15

How can a data breach be discovered?

Answer 15

• Unusual network activity
• Unauthorised data access attempts

Question 16

Are there any disadvantages of the data management systems that you use?

Answer 16

• Updates to ensure strong encryption and firewall - Downtime
• Always security risk
• Dependent on internet connections (tech) - If not there data can’t be accessed

Question 17

Can you confirm how data from your examples are stored under the regulations?

Answer 17

In line with GDPR principles

Question 18

Can you give me some examples of reports that you run?

Answer 18

• Arrears report
• Tenancy schedules
• Service charge analysis

Question 19

What is the right to be forgotten?

Answer 19

The right for individuals to have their personal data erased if no longer required or if data processed unlawfully

Question 20

What is a data controller?

Answer 20

Determines purposes and means of processing personal data (must comply with principles)

Question 21

How did you ensure the data stored for the Ilford High Road sale was safe?

Answer 21

• Disk encryption
• Firewall and disaster recovery procedures
• Password protected

Question 22

What is a firewall?

Answer 22

Computer network security system that restricts internet traffic

Question 23

Which records are manually kept in your office and why?

Answer 23

Financial records e.g. invoices and receipts

Question 24

Who is exempt from GDPR?

Answer 24

• National security
• Journalism
• Law enforcement
• Academic research
• Public health
• Organisations with fewer than 250 people

Question 25

Can you tell me how CCTV relates to GDPR and the principles that underpin it?

Answer 25

• Data transparency - Lawful/fair
• Purpose limitation - requires personal data to be collected
• Storage limitation - Only retained for time period
• Secured against unauthorised access - data controller etc

Question 26

Can you tell me about how you extract data from a source regularly used in your role?

Answer 26

Horizon
1) Encrypted login
2) Search up property on system - go to data source needed e.g. invoice
3)

Question 27

What is an electronic document management system?

Answer 27

Software that centrally stores and organises documentation. E.g. Workman EFS

Question 28

How do you validate information used/received?

Answer 28

• Avoid duplications
• Cross check against historic data - Tenant/Landlord info
• Make sure date is complete
• DI form dates correct - correct charges and sent to correct recipients

Question 29

What is the land registry act 2002?

Answer 29

Framework to ensure possibility of transferring and creating registered land interests electronically

Question 30

What are the key principles of GDPR?

Answer 30

1) Lawfulness, fairness and transparency
2) Purpose limitation - specified and explicit
3) Data minimization
4) Accuracy - up to date
5) Storage limitation - should only be kept as long as necessary

Question 31

What is a data processor?

Answer 31

Processes data on behalf of the controller

Question 32

What is GDPR?

Answer 32

General data protection regulation
- Became EU law in 2016 and UK set up directive in 2018 under Data Protection Act

Question 33

What does encryption mean?

Answer 33

Converting data into a code to prevent unauthorised access

Question 34

When did GDPR come into effect?

Answer 34

25 May 2018

Question 35

What are the limitations of secondary data sources?

Answer 35

• No control on what is contained in data
• Lack of confidence could be wrong and inaccurate - validity
• above link to GDPR

Question 36

How do you comply with GDPR in your role?

Answer 36

• Report breaches
• Do not give out personal info
• Keep records of data consent
• Ensure info held is in line with GDPR

Question 37

Can you tell me about the retention of files and limitations act 1980?

Answer 37

Sets out how long business should keep documents for. States legal action must be brought within 6 years of issue arising

Question 38

What would you do if someone wanted to review the CCTV footage at Merton Road?

Answer 38

1) Request received
2) Check with data protection officer
3) Notify police (if required)
4) Ask subject to complete SAR whilst awaiting advice from data protection officer

Question 39

What is a data room such as the one you used at 144-146 Ilford High Road?

Answer 39

Secure online repository
- Shares sensitive documents
- Controlled access
- Leaves audit trail - When and where users are accessing
- Stored in line with GDPR
- Password protected and encrypted

Question 40

Can you give me some examples of data held by surveying practices covered under GDPR?

Answer 40

• Emails/correspondence
• Customer data held for marketing
• Data to help service a client (accounting info)

Question 41

What is BIM and how can it be used?

Answer 41

Building information modelling
- Generate and manage digital representations of elements of a building e.g. project planning and historic preservation

Question 42

Was the data you mention as part of the data forms held under GDPR regulations?

Answer 42

Yes I can confirm

Question 43

Explain how the H&S updates you make ensure you can monitor compliance on Meridian and Quooda?

Answer 43

• Time stamped record of actions completed and comments made
• See when risk assessments run out - Instruct

Question 44

Why was GDPR introduced?

Answer 44

To consolidate EU data laws and provide greater protection/rights to individuals

Question 45

What is data management?

Answer 45

Practice of collecting, storing and using data securely, efficiently and cost effectively

Question 46

What is the freedom of information act and when did it come into force?

Answer 46

Right for anyone to request access to info held by a public body. Public body required to provide within 20 working days (fee can be charged)

• 30 Nov 2000

Question 47

When was GDPR first introduced?

Answer 47

EU in 2016, UK in May 25 2018

Question 48

What are the rights of access under GDPR?

Answer 48

Individuals have right to access their personal data and supplementary information - can request copy of data free of charge

Question 49

Who regulates GDPR in the UK?

Answer 49

Information Commissioners Office

Question 50

How did GDPR tighten up the former data protection act 1998?

Answer 50

• Brought in regulation to cover the development of modern data and technology
• Stronger consent requirements and also withdrawal of consent

Question 51

Can intellectual property be transferred?

Answer 51

Yes - Written agreement e.g. contract/assignment

Question 52

How do you source title information?

Answer 52

on gov land registration search

Question 53

What is a data protection officer?

Answer 53

Appointed by company if they process large volumes of sensitive data or monitor data subjects (e.g. Workman)

Question 54

What are the limitations of primary data sources?

Answer 54

• Time consuming
• High cost - e.g. hiring inspectors
• Human error
• GDPR?

Question 55

What are CPSES?

Answer 55

Commercial Property Standard Enquiries

Question 56

What is intellectual property?

Answer 56

Something that is created using your mind e.g. patent. copyright

Question 57

What constitutes personal data?

Answer 57

Any info relating to identified person

Question 58

How do you ensure all data within these examples is kept securely?

Answer 58

• Disk encryption
• Firewall and disaster recovery procedures
• Password protected programmes

Question 59

What is your firms data protection policy?

Answer 59

That suspected breaches reported to line manager or data protection officer

Question 60

What are the key principles of data processing?

Answer 60

1) Lawfulness, fairness, transparency
2) Purpose limitation - only collected for specific purpose
3) Data minimization - only data necessary
4) Accuracy - up to date
5) Storage limitation - minimal time
6) Integrity + confidentiality

Question 61

What platforms did you gather information from?

Answer 61

• Horizon / Sharepoint
• Emails

Question 62

What is the RICS guidance for GDPR compliance?

Answer 62

• Document purposes of holding information
• Keep record of consent for processing, storage and retention
• Check if you have contract for info

Question 63

What are the individual rights under GDPR and the data protection act?

Answer 63

1) Right to information
2) Right to access
3) Right to rectification
4) Right to erasure
5) Right to restrict processing
6) Right to data portability
7) Right to object
8) Right to automated decision making

Question 64

What is a data subject?

Answer 64

Individual who can be identified by an identifier e.g. name or ID number

Question 65

Who set up the data room at 144-146 Ilford High Road?

Answer 65

Solicitors

Question 66

Was the data held at 144-146 Ilford High Road within the same property as the rest of Ilford High Road that you mention?

Answer 66

No, my client owned these properties separately, although they were part of the same portfolio

Question 67

How is data managed on the Tramps (Horizon + Sharepoint) platform?

Answer 67

• Collaboration and sharing between different teams within businesses (and between business)
• Only authorised users can access certain files
• Audit trails document activity

Question 68

How long can you hold data for?

Answer 68

No specified time period - As of GDRP principle should be kept as long as necessary for processing purposes

Question 69

What is hard and soft data?

Answer 69

Hard - quantifiable
Soft - not measurable - e.g opinions

Question 70

Explain your use of horizon/tramps and meridian and quooda?

Answer 70

Tramps
- Client reporting
- Sending tenant invoices
- Accounting figures for budget
- Legal documentation
- Password protected - change every month

Meridian
- Actioning health and safety queries / documentations
- Prop inspection reports