Data Mangement

Question 1

What is GDPR?

Answer 1

EU General Data Protection Regulation

Question 2

What Act implemented GDPR in the UK

Answer 2

Data Protection Act 2018

Question 3

When was GDPR effective from

Answer 3

25th May 2018

Question 4

What is the purpose of GDPR?

Answer 4

Protect citizens personal data

Question 5

What constitutes personal data?

Answer 5

Any information related to a person that can be used to identify a person eg names, photos, email address, bank details

Question 6

Examples of personal data under GDPR that could apply to property companies

Answer 6

• property performance/investor data
• fund managers
• tenant data
• valuations
• compliance
• background checks completed by HR

Question 7

to what organisations does GDPR apply

Answer 7

all organisations greater than 250 employees

Question 8

What are the penalties for GDPR breaches?

Answer 8

Up to 20 million Euros
OR
4% of annual global turnover
Whichever is greater

Question 9

what is the ‘right to access’ under GDPR

Answer 9

Individuals have the right to obtain confirmation that their data is being processed and access to their personal records.

Question 10

What are the timeframes to publish a breach notification under GDPR

Answer 10

• Need to report the breach within 72 hours of becoming aware of breach to Information commissions office (ICO)
• if breach is high risk, then notify individuals without delay

Question 11

How are data breaches typically discovered?

Answer 11

• Data security incident
• Access logs
• Reported thefts
• Lost equipment

Question 12

how has consent condition been strengthened under GDPR

Answer 12

• consent must be given using plain and clear language
• Must be as easy to withdraw consent as it is to give it

Question 13

What is ‘right to be forgotten’ under GDPR

Answer 13

• Article 17 GDPR, individuals have right to have personal data erased in certain circumstances:
• data no longer necessary
• data been processed unlawfully

Question 14

What is data portability?

Answer 14

• right for data subject to receive personal data concerning them which they have previously provided, and have it transmitted to another controller

Question 15

What is privacy by design?

Answer 15

• Legal requirement under GDPR
• inclusion of data protection from outset, rather than as addition

Question 16

what is a data protection officer

Answer 16

• An individual appointed to monitor internal compliance, stategy and implementation of GDPR

Question 17

Examples of data held by surveying practices

Answer 17

• HR/Payroll
• customer data for marketing
• Emails and correspondence relating to clients, tenants, employees, contractors.

Question 18

What are obligations imposed by GDPR?

Answer 18

• knowledge of data you store and process
• Keep data in format that allows portability to another data processor, should the need arise
• Demonstrate data is being managed in compliant manner
• Delete every instance of an individuals data in compliance with ‘right to be forgotten’
• Provide information on how data is used and the rights of individuals

Question 19

who regulates in the UK?

Answer 19

Information Commissioners Office

Question 20

RICS best practice points for complying with GDPR?

Answer 20

• conduct data review
• anonymise data where possible
• encrypt everything where possible
• treat commercial data in same way as personal data, even though not covered by GDPR

Question 21

What are your companies policies for data protection breaches?

Answer 21

report to line manager AND/OR Data protection officer

Question 22

RICS recommendations for using confidential information

Answer 22

• Document purposes for which you are allowed to hold information
• Keep record of consent
• check contractual clauses

Question 23

What information should be included in firms privacy notices?

Answer 23

• what information you have
• what information will be used for
• which 3rd parties may have access to the data
• how long information will be stored
• what legal rights they have

Question 24

What are the 7 principles of Data Protection Act 2018 (GDPR)

Answer 24

• lawfulness, fairness and transparency
• Accuracy
• Accountability
• Purpose limitation
• storage limitation
• data minimisation
• integrity and confidentiality

Question 25

What are the 8 individual rights under GDPR

Answer 25

Right to:
- information
- Access
- Erasure
- object
- Rectification
- Data portability
- Restricted data processing
- automated decision making

Question 26

What is SAR

Answer 26

Subject Access Rights

Demand that the individual be given all the information that a company holds on them

Question 27

What was the freedom of information Act?

Answer 27

• come in effect in 2000
• allows an individual to request access to information held by a public body
• public body is required to provide that information in requested format
• they can charge a fee for this

Question 28

what are the provisions of the Land Registry Act 2002?

Answer 28

• Provides a complete and accurate reflection of the state of the title of land
• aim is to get all freehold land in England and wales registered by 2030

Question 29

Disadvantages of the system you use?

Answer 29

• rely on data input completed by others (human error)
• external systems - firms is not in control of security
• not user friendly and lots of staff training required

Question 30

What were the changes as a result of GDPR

Answer 30

• customer has greater control
• Harsher penalties
• Legally enforceable
• Applies to all EU nations
• Breaches reported in 72 hours
• companies accountable for data protection
• any firm with over 250 employees accountable.

Question 31

Name some data security technologies

Answer 31

• Disk encryption - encrypt data on secure hard drive disk
• Regular back-ups off site
• Password protection
• Use of anti-virus software protection
• Firewalls and disaster recovery procedures

Question 32

What is copy right?

Answer 32

Set of exclusive rights given to an author or creator for an original piece of work. It is seen as a form of intellectual property