*EP APC Data Management Flashcards

1
Q

What is GDPR 2016?

A
  • General data protection regulation
  • Relates to personal data
  • Aims to create a single data protection regime for anyone doing business in the EU and to empower individuals to take control of how their data is used by third parties
  • Gives people stronger rights to be informed about how their personal information is used

Came into force May 2018

2
Q

Fines under GDPR?

A

The UK GDPR and DPA 2018 set a maximum fine of £17.5 million or 4% of annual global turnover – whichever is greater – for infringements

3
Q

What are the principles of GDPR?

A
  1. Information processed lawfully, fairly and transparently.
  2. Collected for legitimate reasons
  3. Must be relevant
  4. Must be accurate
  5. Must not be kept for longer than necessary
  6. Processed securely
4
Q

What are the 8 rights of GDPR?

A
  1. Informed - Before data is collected, a data subject has the right to know how it will be collected, processed, and stored, and for what purposes.
  2. Access – After data is collected, a data subject has the right to know how it has been collected, processed, and stored, what data exists, and for what purposes.
  3. Correction - A data subject has the right to have incorrect or incomplete data corrected.
  4. Erasure - A data subject has the right to have personal data permanently deleted.
  5. Restrict - A data subject has the right to block or suppress personal data being processed or used.
  6. Data Portability -
5
Q

What is the UK GDPR?

A

The UK left the EU on December 31, 2021.

After Brexit, the UK is no longer regulated domestically by the EU’s General Data Protection Regulation (GDPR), which governs processing of personal data from individuals inside the EU.

Instead, the UK now has its own version known as the UK-GDPR (United Kingdom General Data Protection Regulation).

The new UK-GDPR took effect on January 31, 2020.

6
Q

What is the Data Protection Act 2018?

A

UK’s implementation of GDPR.

Complete data protection system, governs personal data as well as all other data previously covered within the 1998 Act.

Amended 1st January 2021 to reflect Brexit.

7
Q

What is the Freedom of Information Act 2000?

A

Gives individuals the rights to access information held by public bodies

    • Public body must tell an individual requesting information whether it holds the information.
    • Required to provide the information within 20 working days.
    • It can charge for the provision of the information
  1. Maximum disclosure: Freedom of information legislation should be guided by the principle of maximum disclosure
  2. Obligation to publish: Public bodies should be under an obligation to publish key information
  3. Promotion of open government: Public bodies must actively promote open government.
  4. Limited scope of exceptions: Exceptions should be clearly and narrowly drawn and subject to strict “harm” and “public interest” tests.
  5. Processes to facilitate access: Requests for information should be processed rapidly and fairly and an independent review of any refusals should be available.
  6. Costs: Individuals should not be deterred from making requests for information by excessive costs.
8
Q

RICS documents for Data Handling?

A

Proposed RICS Professional Statement on Data Handling and the Prevention of Cyber Crime.

Address how surveyors collect, store and use data.

Address cyber risks posed by modern ways of working including portable devices.

9
Q

When did GDPR come into force?

A

25th May 2018

10
Q

What are the key requirements under GDPR (obligation, rights, appointment/responsibilities, accountability)?

A
  • Obligation to conduct data protection impact assessments for high-risk holding of data
  • New rights for individuals to have access to information on what personal data is held and to have it erased
  • A data controller decides how and why personal data is processed and is directly responsible for GDPR
  • ‘Data accountability’ ensuring that organisations can prove to the Information Commissioner’s Office (ICO) how they comply with the new regulations
11
Q

What are the exemptions from the Freedom of Information Act 2000 (protection, prejudicial circumstances (2))?

A
  • Contrary to the GDPR requirements
  • It would prejudice a criminal matter under investigation
  • It would prejudice a person’s/organisation’s commercial interest
12
Q

What are automated valuation models (AVMs), and when typically used?

A
  • Software systems which can provide property valuations using mathematical modelling combined with a database
  • They are most used for residential property
  • By lenders for the loan origination process or subsequent revaluation for credit decision purposes
  • In-arrears assessment and planning
13
Q

What are the advantages of using AVMs (data, practical benefits, lack of human interaction), and therefore useful for what particular type of asset instruction?

A
  • Able to consider a larger number of data points than a traditional valuation approach
  • Saves time, money and resources
  • Removes any human bias or subjectivity
  • Useful for assessing the value of a property portfolio

Can be built into existing electronic valuation processing platforms, to support lower-risk lending decisions

14
Q

What are the disadvantages of using AVMs (physical, logic, data limitation)?

A
  • Do not take into account property condition (valuation assumes an average condition as an inspection does not occur)
  • Do not take into account nuanced factors such as the view or level of street noise
  • Use transactional data which may lag the actual market i.e. cannot include evidence from properties which might be under offer

Lack of quantity and quality of good comparable data could lead to a valuation with a low confidence level.

15
Q

What do you understand by the term security of data?

A

Data security is the practice of protecting digital information from unauthorized access, corruption, or theft throughout its entire lifecycle.

16
Q

How can security of data be improved (E, BU, PP, AV, FW, DRP)?

A
  • Disk encryption - encrypting data on a secure hard disk drive
  • Regular back ups off site
  • Password protection
  • Use of anti-virus software protection
  • Firewalls
  • Disaster recovery procedures

Delete redundant data

17
Q

What does copyright mean, what form of property are they and what 3 things can you do with them?

A
  • A set of exclusive rights granted to the author or creator of any original work, including the right to copy
  • These rights can be licensed, assigned or transferred
  • Form of intellectual property
18
Q

What is a deed?

A

A legal document made under seal

19
Q

How can you prove ownership of land which is not registered with the Land Registry?

A

The Deeds will set out information about the ownership and details of a property

20
Q

What do the Land Registry provide upon request and payment?

A

Copy of the official Title Register for registered property or land in the UK

21
Q

What does Title indemnity insurance cover/protection provided, and how paid?

A
  • Protects a party for any claim arising from the title of a property e.g. title defects, restrictive covenants and easements
  • Paid as a one-off premium

Legal indemnity insurance covers the buyer and the mortgage lender in the event of any loss of value on the property as a result of the defect. The indemnity policy doesn’t actually remedy the defect - it just provides financial compensation in the event of the defect causing a loss.

Can indemnify against restrictive covenants, lack of planning/regs, non-certified boiler and window installation.

22
Q

What are restrictive covenants, and who has enforcement rights/why?

A
  • Agreement to restrict the use of land in some way for the benefit of other land users
  • They are enforceable by successors as they run with the land
23
Q

How can a restrictive covenant be removed, and is it straightforward?

A

Make an application to the Upper Tribunal (Lands Chamber) but the grounds for discharge are very strict

24
Q

What are the RICS Data Standards (RDS), 2018/what set out/to support what/address what?

A
  • Set of standards to support the capture, verification and sharing of data in a common format
  • They address issues of digital data consistency

The benefits of sharing data can be seen across the sector, allowing market transparency, improved productivity and insights to share with our clients to win business and positively impact the built and natural environments around us.

25
Q

What data are the RICS Data Standards, 2018 already available for (2)?

A
  • International Property Measurement Standards (IPMS)
  • International Construction Measurement Standards (ICMS)
26
Q

What does the colour coding on Title Plans represent (Red/Green lines, Green/Blue/Orange shading)?

A
  • Red Line – boundary of registered land
  • Green Line – boundary of land removed from title
  • Green Shading – land excluded from the title but within area
  • Blue shading – right of way on registered land for use by other land
  • Orange shading – right of way on other land for use by registered land
27
Q

What is included in a Land Registry title register
(Part A, D, T, D, R,
Part B, N/A O, D, PP, R,
Part C, M/F, ROI/L)?

A
  • A: Property register - description of the property, tenure, the date the property was first registered and any rights it may benefit from e.g. private right of way
  • B: Proprietorship register - name and address of the current owner, when they bought the property, how much was paid for it (if sold since 1 April 2000 (2002?)), any restrictions that limit the power of the owner and the class of the title
  • C: Charges register - mortgages and other financial burdens received on the property. Other rights or interest that limit how the land or property can be used e.g. leases, rights of way or covenants
28
Q

What is a SAR, right provided?

A
  • Subject access request
  • Gives individuals rights to request any ‘personal data’ held on them. This right is a principle of GDPR
29
Q

What is “personal data” as defined by GDPR?

A

Personal data is any information which relates to an identified or identifiable natural person, e.g. a telephone number or email address

30
Q

What professional statement is the RICS planning on releasing relating to the encryption of data and use of cloud-based storage facilities?

A

Data Handling and Prevention of Cybercrime, 2020

31
Q

Give me an example of a property information tool (4).

A

Land registry, Rightmove, Zoopla, Lonres

32
Q

What are the limitations of primary/secondary data sources?

A

Primary data refers to the first hand data gathered by the researcher himself. Secondary data means data collected by someone else earlier.

  • Primary data more likely to be subject to human error
  • Secondary data is likely to be outdated before you get it and therefore requires validation before reliance on it.
33
Q

What is the difference between a deed and registered title (goal scorer/assist)?

A

Title - is the legal way of saying you own a right to something. For real estate purposes title refers to the ownership of the property, meaning you have the rights to use that property. (Goal scorer)

Deeds - are the legal documents that transfer the title from one person to another. (Assist).

34
Q

What is a TR1?

A

Land registry TR1 form is a formal land registry document which literally transfers the legal ownership of a property from one party or parties to another party or parties.

35
Q

What other measures can you use to ensure the protection of data transfer (TLS/SSL, authentication, homeworking storage)?

A
  • TLS (Transport Layer Security)
  • SSL (Secure sockets layer)
  • Implement two-factor authentication where access to client data and personal data is deemed a significant security risk.
  • The use of VPNs for homeworking rather than storing data on personal devices
36
Q

What does encryption mean?

A

The process of converting information or data into a code, especially to prevent unauthorised access.

37
Q

What is a firewall?

A

In computing, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.

A firewall typically establishes a barrier between a trusted network and an untrusted network, such as the Internet.

38
Q

What are the main methods of primary and secondary data collection?

A

Primary Data is collected directly from the source and Secondary is historic or collected from a third party.

39
Q

What are the differences between quantitative and qualitative research?

A

Qualitative research generates “textual data” (non-numerical).

Quantitative research, on the contrary, produces “numerical data” or information that can be converted into numbers.

40
Q

What must you do re. email communications to comply with GDPR?

A

Emails that show other recipients’ email addresses are in breach of GDPR.

41
Q

Outline the 4 typical cybercrime types.

A

  • Phishing
  • Ransomware
  • Malware
  • Identity theft

42
Q

How is data managed and protected in your firm?

A
  1. Secure document storage
  2. Back up of documents
  3. Process for sharing documentation
  4. Formatting and standardisation of reports
43
Q

What things must companies put in place to ensure GDPR compliance?

A
  1. Raise awareness across your business
  2. Audit all personal data
  3. Update your privacy notes
  4. Review your procedures supporting individuals’ rights
  5. Identify and document your legal basis for processing personal data under the GDPR
  6. Review how you seek, obtain and record consent
44
Q

What are the key requirements of the Data Protection Act 2018?

A
  1. Obligation to conduct data protection risk assessment
  2. Rights to individuals to have access to information on what personal data is held and what is erased.
  3. A data controller decides how and why personal data is processed.
  4. NEW REG - ‘data accountability’ ensuring organisations can prove to the ICO (Information Commissioner’s Office) how they comply with the new regulations.
45
Q

What happens if there is a data breach?

A

Inform ICO within 72 hours when there is a loss of personal data and a risk of harm to individuals

46
Q

What is a Non-Disclosure Agreement?

A

A contract by which one or more parties agree not to disclose confidential information that they have shared with each other as a necessary part of doing business together, e.g. accounting and financial stability of a company.

47
Q

What will the RICS Professional Statement ‘Data Handling and Prevention of Cybercrime’ address?

A
  1. Encryption to protect data on portable devices
  2. Best practice when using cloud-based storage facilities
  3. Ensuring appropriate data handling policies are in place in the event of a data breach or malware attack.

This is being put in place to protect a firm from serious reputation damage and financial loss.

48
Q

What are RICS sources of data?

A

Professional statements - Red book, conflict of interest…

Guidance notes - Comparable evidence…

Isurv

Modus

Rics.org

49
Q

What is data?

A

Information, normally facts and numbers, collected and used for decision making/analysis

50
Q

How does AWH protect its data?

A

We have a ‘server’ which requires a dual authentication log in

  1. Password
  2. DUO log in - secondary confirmation alert to a separate device
51
Q

How long should data be held for?

A

Most guidance points to 6 years; however, this could be assessed on a case-by-case basis, depending on what is reasonable with regard to agreements with the client and potential litigation.