M - Data Management Flashcards
Why is data management important?
- Increases efficiency and productivity
- Less likely to breach GDPR
- Enhanced security
Parties in GDPR
Data Controller - Decides how and why to collect and use data. Makes sure the processing of data complies with data protection law
Data Processor - Processes data on behalf of controller
Data Subject - individual whom data is about
Data Protection Officer - Guarantor of compliance with the data protection regulations
Legislation surrounding data management
- The Data Protection Act 2018 (GDPR)
- Freedom Of Information Act 2000
Can you name some sources of cost data?
- BCIS
- In-house
- Tender returns
- SPONS
- Market testing
What is GDPR?
General Data Protection Regulation
A law that governs how organisations handle personal data
Benefits of cloud based storage systems
- Information is backed up securely on encrypted services
- Accessibility can be managed via online settings
- Usually cheaper than physical storage
- Environmentally friendly
If 2 separate teams in RLB were working for 2 rival companies, how would you ensure sensitive client data was managed?
- Make client aware
- Letter of instruction to continue
- Exclusivity of Staff
- NDAs, separate working locations
- Limit access to material to authorised staff
What things must companies put in place to ensure GDPR compliance?
- Raise awareness across business
- Audit personal data
- Update your privacy notice
What are the 7 principles of GDPR?
- Lawfulness, fairness and transparency
- Accuracy
- Storage limitation
- Confidentiality
- Accountability
- Purpose limitation
- Data minimisation
What are the penalties for breach of GDPR regulations?
Fines up to £17.5 million or 4% of annual global turnover
Person's rights under Data Protection Act (individual rights)
- To rectify
- To access
- To data portability
- To be informed
- To object
- To erasure
- To restrict processing
- To automated decision making & profiling
Non-disclosure agreement
Protection against sharing or disclosure of any confidential information covered under the NDA.
How long to keep data for?
6 years - Signed under hand
12 years - Signed as a Deed
15 Years RICS Recommendation - Limitation period for most legal claims
Freedom of Information Act 2000
Provides public access to information held by public authorities
Two ways:
- Public authorities obliged to publish certain info about their activities
- Public entitled to request information from public authorities
Data Protection Act 2018 Key Principles
Ensures data is used:
- Fairly, lawfully and transparently
- In a way that is adequate, relevant and limited to the purpose for which it is intended.
- Is retained for no longer than is necessary
- Processed securely including the protection against unlawful use, loss or destruction.
Data Protection Act 2018
Control how personal info is used by organisations, businesses or government
UK’s implementation of GDPR
Purpose of GDPR
- Provides guidelines for companies collecting, processing and storing data
- Give citizens rights (access, rectify data etc)
Who enforces GDPR
The Information Commissioner's Office
What to do before destroying a document
- Check if original / legal document
- Could it be required for litigation
- Does it relate to live project
- Is back up available
What measures could be taken to protect commercially sensitive info?
- NDAs
- Physical separation of staff
- Security of stored docs
How can we protect data being transferred on behalf of client?
- Encryption
- Recorded delivery
- Mark as confidential
- Use secure networks
What is an Information Barrier?
Physical or electronic separation of individuals of the same firm
Classifying data (Confidential, Classified and Uncontrolled)
- Confidential - Data sensitive, requires restricted access
- Classified - Data typically used in national security, requires high level protection
- Uncontrolled - Data available to public without restrictions