Data management Flashcards
What is GDPR and what are its principles?
EU legislation (Regulation 2016/679, applied from 25 May 2018) that strengthens individuals' rights over their personal data.
Applies to the processing of all personal data; seven key principles (Article 5):
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality (security)
- Accountability
Separately from the seven principles, GDPR also restricts transfers of personal data to countries outside the EU/UK that do not offer an adequate level of protection.
What must companies put in place to ensure compliance with GDPR?
- data protection policy
- staff training
- lawful basis for processing
- privacy notice
- security measures
- data protection officer (where required)
Why is it important to limit access to personal data?
- protect individuals' data
- reduce the risk of a breach
- data minimisation
- demonstrate accountability
How is information stored securely in your firm?
- cloud-based system
- password-protected folders and limited access
- firewall
- e.g. Mindcast software
- quarantine page
What are the personal rights in regards to data?
- access
- request correction (rectification)
- request erasure
- restrict processing
- object to processing
- data portability
How do you verify your data source eg for comparable valuation?
- check with agents
Who are the key persons involved in GDPR?
- controller (decides why and how personal data is processed)
- processor (processes personal data on the controller's behalf)
- data subject (the individual the data is about)
Who is the data controller in your firm?
Director
What must you do if there is a data breach?
Inform the ICO within 72 hours of becoming aware of the breach, where the breach is likely to result in a risk to individuals' rights and freedoms; if the risk is high, the affected individuals must also be told without undue delay.
What are the penalties for a data breach?
Up to 4% of global annual turnover or 20 million euros, whichever is higher (EU GDPR); up to £17.5 million or 4% of global annual turnover under the UK GDPR.
What is the Data protection act 2018?
The Data Protection Act 2018 is the UK law that sets out how personal data should be processed and protects individuals' privacy rights; it supplements and sits alongside the UK GDPR.
What does article 5 of GDPR set out? The key principles:
- lawfulness, fairness and transparency
- purpose limitation
- data minimisation
- accuracy
- storage limitation
- integrity and confidentiality (security)
- accountability
What are individuals rights under GDPR18?
- to be Informed
- Access
- Rectification
- Erasure
- restrict Processing
- data Portability
- Object
- rights in relation to Automated decision making and profiling
What is a data subject access request (DSAR)?
An individual's right to access the personal data an organisation holds about them; the organisation must normally respond within one month.
What would you do if a data breach occurred?
Data breaches that are likely to result in a risk to individuals must be reported to the Information Commissioner's Office (ICO) within 72 hours of becoming aware of them. The ICO is the UK's independent body responsible for enforcing information rights. The ICO has the power to issue fines for non-compliance which can reach up to £17.5 million or 4% of global annual turnover, whichever is higher.
What is the Freedom of Information Act 2000?
- An individual has a right to access information held by a public body. The aim is to improve transparency and accountability.
- When requested, the body must respond within 20 working days and may charge a fee for disclosure.
What legislation do you adhere to when handling data?
Data Protection Act 2018 and UK GDPR (UK); General Data Protection Regulation, GDPR 2016/679, in force from 2018 (EU)
What is copyright?
- a set of exclusive rights granted to the author or creator of an original work, including the right to copy it
- rights can be licensed, assigned or transferred
- a form of intellectual property
- copyright must be acknowledged for information reproduced in your own work
What is intellectual property and can it be transferred?
Intellectual Property (IP) refers to creations of the mind that are legally protected, allowing individuals or businesses to control how their ideas, inventions, or creative works are used. It gives the owner exclusive rights over their work, e.g. patents, trademarks and copyright. Yes, IP can be transferred: it can be assigned or licensed to another party.
Tell me about the retention of files and the Limitation Act 1980?
The Limitation Act 1980 sets out the time limits within which legal actions can be brought. Keep documents for 6 years (the limit for simple contracts); some require longer, e.g. 12 years for deeds, after which they should be securely disposed of.
What are the General Data Protection Regulations?
EU legislation to strengthen individuals' rights over their personal data. Applies to the processing of all personal data and sets out seven key principles.
What are the disadvantages of using systems like CoStar, Rightmove etc?
- not always accurate
- need to verify it directly with the agent, which can sometimes be challenging
What is your company’s Asset Management Plan?
Documentation which collects all property and tenancy information into one document.
Reviewed yearly and shows growth or decline over a 5 year period.
How do you ensure this data is accurate?
Carefully collected, and checked by a colleague.
How do you ensure that it complies with Data Protection laws?
Only collect for a purpose and store for as long as required.
What is your company’s data management policy?
6 years, unless it is personal data.
Who audits the data that is stored on your system?
For the commercial department it is the compliance manager.
What are the penalties for breach of the Data Protection Act?
Up to £17.5 million or 4% of global annual turnover, whichever is higher (UK); up to 20 million euros or 4% of global annual turnover under the EU GDPR.
To whom would you report a breach of personal data to?
Internally our data protection officer, who would report it to the ICO.
What is considered personal and sensitive data?
Personal: any information that identifies a living individual directly or indirectly.
Sensitive (special category data): health, racial or ethnic origin, religion or beliefs, political opinions, trade union membership, genetic and biometric data, sex life or sexual orientation.
How do you comply with your firms data management policy?
- only collect and store data with a purpose and for a set time
- frequently change passwords
- don't leave devices unattended
What training have you received on data management?
Annual internal training on data protection policies.
Difference between direct and indirect identifiers?
Direct: one piece of data on its own can identify someone, e.g. name, phone number.
Indirect: a combination of data is needed to identify someone, e.g. date of birth plus postcode.
UK General Data Protection Regulations
Since Brexit the EU GDPR no longer applies directly in the UK; it was essentially transcribed into UK law as the UK GDPR.
- The UK GDPR sits alongside, and is supplemented by, the Data Protection Act 2018
- The aim is a single UK data protection regime
Key requirements for data protection act?
- obligation to conduct a data protection impact assessment (DPIA) for high-risk processing of personal data
- rights for individuals to access their information and have it erased
- data controllers and processors have defined responsibilities
- report qualifying breaches to the ICO within 72 hours
What is article 5 (2)?
The accountability principle: the data controller is responsible for, and must be able to demonstrate, compliance with the Article 5(1) principles.
How can security of data be improved?
- firewall
- encryption (at rest and in transit)
- cloud-based storage with access controls
- two-factor authentication
- NDAs
What is your firms data retention policy?
What counts as personal data?
Any information relating to an identified or identifiable living individual, such as name, date of birth, address, email address.