General Flashcards
How long do you need to keep data for?
6 years if contract signed under hand
12 years if under deed
RICS recommends up to 15 years; this is the limitation period for most legal claims
Type of data systems your company uses?
Shared hard drives
Back up servers
Software such as Teams
What are the aims of the GDPR?
Gives the public a say on what is done with their personal information
GDPR was aimed at protecting all EU citizens from privacy and data breaches
What is the Data Protection Act 2018?
It gives individuals the right to know what information is held about them and provides a framework to ensure that it’s handled properly.
What is meant by penalties regarding GDPR?
4% of a company's global turnover or £20m if GDPR is breached
What challenges does the Data Protection Act pose?
Multiple users on systems
Saving files in incorrect locations
Server breakdown causing work or data to be lost
How is the GDPR relevant in your day to day work?
I manage high amounts of sensitive data and this needs to be done in line with the Data Protection Act and GDPR.
What should companies have in place in regard to data protection?
Companies should employ a data protection officer, make sure they comply with all the data protection policy and be clear and transparent when talking about data.
How do you ensure that you comply with data protection legislation?
I store and keep confidential information in line with Gleeds’ policy and maintain the clear desk policies on a daily basis
What is the Freedom of Information Act 2000?
The Act provides individuals or organisations with the right to request information
What data do you use in your work and how do you manage this?
Consider any data you collect such as financial figures, valuation figures, contact details, etc. and be able to explain how you ensure this complies with the legislation.
What types of data are considered under GDPR?
Any personal data including:
Name
Religion
Sexual orientation
Trade union membership
Physical or mental health
Genetic data
What must you do if you accidentally breach GDPR and send information to the wrong person?
Report to your data protection officer, who will then report it to the ICO regulator
What is submitted to BCIS?
Project type
Time it was undertaken
Costs
Programme
What might your organisation keep hard copies of?
Books
Contracts
Tender documents
Design drawings
What is a project extranet?
An electronic system in which project information can be distributed to the relevant parties, which is a secure way to collaborate
What are the advantages and disadvantages of a project extranet?
Advantages include:
- Improves communication
- Accessible 24 hours per day
- Efficient
- Secure
Disadvantages:
- Can be expensive (subscription)
- Requires maintenance
- May require user training
What is the purpose of GDPR?
Harmonise data privacy laws across all members of the EU and EEA, providing greater protection for individuals
Also addresses how businesses can handle information of those who interact with them
Who are the key people named under GDPR?
Data Subject: who the data is about
Data Processor: who processes the data (such as assistant to the data controller)
Data Controller: deals with how and why the data has been collected / is being used
Data Protection Officer: implements the data protection regulations
What constitutes personal data under GDPR?
Name
Photo
Email
Bank details
Medical information
What are the 7 key principles under GDPR?
Lawfulness, fairness & transparency
Accountability
Data minimisation
Storage limitation
Purpose limitation
Accuracy
Confidentiality & Integrity
What are the 8 individual rights under GDPR?
The right:
1. To be informed
2. To erasure
3. To rectification
4. To access
5. To data portability
6. To object
7. To automated decision making & profiling
8. To restrict processing
Who enforces GDPR?
The Information Commissioner's Office
Can you tell me the difference between an intranet and an extranet?
Intranet = private network for employees to communicate and collaborate internally within an organisation
Extranet = private network outside of a company that allows authorised users to access, communicate and collaborate