Mandatory - Data Management

Question 1

Data Management - Extract from Candidate Guide - Aug 2018 (updated Feb 2022)

Answer 1

Question 2

What does GDPR stand for ?

Answer 2

General Data Protection Regulation

Question 3

When did GDPR come into affect ?

Answer 3

New rules relating to how we collect and process personal data - the EU General Data Protection Regulation (GDPR) - came into effect in the UK on 25 May 2018.

Question 4

What could happen if you do not meet the requirements ?

Answer 4

• £17.5 million or 4% of the total annual worldwide turnover in the preceding financial year, whichever is higher
• £8.7 million or 2% of the total annual worldwide turnover in the preceding financial year, whichever is higher

Question 5

Have you completed any training on GDPR ? what did you learn ?

Answer 5

Yes, please see CPD …..

Question 6

What are the maximum fines (UK GDPR) , how are the fines calculated ?

Answer 6

• £17.5 million or 4% of the total annual worldwide turnover in the preceding financial year, whichever is higher

Question 7

What legislation covers data protection in the UK ?

Answer 7

Data Protection Act 2018 and UK GDPR

Question 8

Who does Freedom of Information Act Apply to?

Answer 8

Public right of access to information held by public authorities.

Question 9

Does GDPR apply post Brexit ?

Answer 9

Yes, many aspects of GDPR will be converted into UK Law on 1st Jan 2021 under the titles UK GDPR. in turn companies will still need to comply

Question 10

What will the changes include (GDPR post Brexit)?

Answer 10

UK government will control the UK GDPR as opposed to the European union.

Question 11

Who oversee information rights in the UK ?

Answer 11

ICO - International Commissioners Office

https://ico.org.uk/

Question 12

What happens if you are sharing or processing data from the EU ?

Answer 12

Adhere to :
• UK GDPR
• EU GDPR
• Data Protection Act 2018
q

Question 13

Who enforces the data protection ?

Answer 13

Information commissioners office - ICO

Question 14

How do you ensure data you hold on clients is kept secure and confidential ?

Answer 14

I use secure documents that are stored on password protected machines and servers. I also only keep the information I need and use it for the purpose it has been collected without passing it on unless I have approval prior.

Question 15

What are the 7 GDPR principles? - LADSPAS

Answer 15

• Lawfulness, fairness and transparency – leave the individual fully informed
• Accuracy – where necessary kept up to date, erase inaccurate personal data without dela
• Data minimisation – collect the minimum data you need
• Storage limitation – Retain the data for a necessary limited period and then eras
• Purpose limitation – must inform your clients about the purpose of the data collection
• Accountability – Record and prove compliance
• Security - Integrity and confidentiality – Keep it secure, locked filing cabinet or fire wall

Question 16

What does GDPR stand for ?

Answer 16

General Data Protection Regulation

Question 17

How have you changed the way you managed data during COVID 19 and home working ?

Answer 17

Only allowed to use work equipment, the storage of files/documents to be locked away, regular update on password protected equipment etc.

Question 18

What does the Freedom of Information Act enable?

Answer 18

Limit access to sensitive data use smart passwords to resident details Firewalls and antivirus protection dedicated server stay on top of security updates Limit access to sensitive data use smart passwords to resident details.

Question 19

How do you ensure the data that you hold on your clients is kept secure and confidential?

Answer 19

Limit access to sensitive data use smart passwords to resident details Firewalls and antivirus protection dedicated server stay on top of security updates.

Question 20

Why do you keep company data for 12 years?

Answer 20

It is a requirement of our PII insurance that all contracts under deed are kept for a minimum of 12 years and under hand for 6 years. I am aware of the limitation act to claims which can be brought about up to 15 years after the act of negligence.

Question 21

What is project extranet?

Answer 21

A computer network that allows controlled access from the outside for specific project purposes. Essentially is a system that allows individuals outside the company to view project files on a secure platform.

Question 22

What is BIM?

Answer 22

Building Information Modelling. Software creating 3D models that allow industry professionals to better plan, design, construct and mange buildings/infrastructure.

Question 23

What are the disadvantages of BIM?

Answer 23

Very expensive and not all construction professionals use it and therefore less experts.

Question 24

How does BIM effect your role as a CA?

Answer 24

I’ve not used it but I would imagine that it simplifies the process by theoretically reducing the amount of variations required.

Question 25

What should you do if there is a data breach ?

Answer 25

Inform the Information Commissioner’s Office not later than 72 hours after becoming aware of it.

Question 26

What are ISO Standards ?

Answer 26

International Organisation for Standardisation. An international standard setting body of representatives from varying national standards.
• ISO 9000 – Quality Management Systems
• ISO 8000 – Data Quality
• ISO 14001 – Environmental Management Systems
• ISO 45001 – Health and safety

Question 27

What is the limitations act ?

Answer 27

The Limitation Act 1980 is an Act of the Parliament of the United Kingdom applicable only to England and Wales. It is a statute of limitations which provides timescales within which action may be taken for breaches of the law.

Question 28

Can you give me some example of the data you manage ?

Answer 28

• Client details
• Finances
• Contact details
• Project details
• Complaints
• etc

Question 29

What is personal data ?

Answer 29

Personal data only includes information relating to natural persons who:
• can be identified or who are identifiable, directly from the information in question; or
• who can be indirectly identified from that information in combination with other information.
• Personal data may also include special categories of personal data or criminal conviction and offences data. These are considered to be more sensitive and you may only process them in more limited circumstances.

Question 30

What are the UK GDPR Principles ?

Answer 30

The UK GDPR sets out seven key principles:
• Lawfulness, fairness and transparency
• Purpose limitation
• Data minimisation
• Accuracy
• Storage limitation
• Integrity and confidentiality (security)
• Accountability

https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/principles/

Question 31

What are the GDPR rights ?

Answer 31

The UK GDPR provides the following rights for individuals:
• The right to be informed
• The right of access
• The right to rectification
• The right to erasure
• The right to restrict processing
• The right to data portability
• The right to object
• Rights in relation to automated decision making and profiling

https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

Question 32

What is the process if there is a data breach ?

Answer 32

• The UK GDPR introduces a duty on all organisations to report certain personal data breaches to the relevant supervisory authority. You must do this within 72 hours of becoming aware of the breach, where feasible.
• If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, you must also inform those individuals without undue delay.
• You should ensure you have robust breach detection, investigation and internal reporting procedures in place. This will facilitate decision-making about whether or not you need to notify the relevant supervisory authority or the affected individuals, or both.
• You must also keep a record of any personal data breaches, regardless of whether you are required to notify.

Question 33

What are the penalties for breaches of data protection?

Answer 33

The UK GDPR and DPA 2018 set a maximum fine of £17.5 million or 4% of annual global turnover – whichever is greater – for infringements.

Question 34

Can you expand on what BCIS is ?

Answer 34

The Building Cost Information Service, provides cost and price data for the UK construction industry. It is a part of the Royal Institution of Chartered Surveyors.

Question 35

What are the principles of the Data Protection Act 2016 ?

Answer 35

LADSPAL

• Lawfulness, fairness, and transparency. Whenever you’re processing personal data, you should have a good reason for doing so.
• Purpose limitation.
• Data minimization.
• Accuracy.
• Storage limitation.
• Integrity and confidentiality.
• Accountability.

Question 36

Who enforces the data protection act ?

Answer 36

The Information Commissioner’s Office (ICO)

Question 37

What are the penalties available ?

Answer 37

The UK GDPR and DPA 2018 set a maximum fine of £17.5 million or 4% of annual global turnover

Question 38

What is the Data Protection Act 2018 ?

Answer 38

The Data Protection Act 2018 controls how your personal information is used by organisations, businesses or the government

Question 39

What are the principles of the Bribery Act ?

Answer 39

PCRCDM
• Proportionality
• Commitment (Top Level)
• Risk assessment
• Communication
• Due Diligence
• Monitor and Review

Question 40

Why is it important that we safeguard information?

Answer 40

As personal data can be used in various ways

Question 41

What kind of information is ‘sensitive’ information?

Answer 41

Health records, financial information, address, educational records etc

Question 42

Why do the General Data Protection Regulations 2018 exist?

Answer 42

To control how your personal information is used by organisations, businesses or the government

Question 43

Which body is responsible for enforcing the GDPR?

Answer 43

The Information Commissioner’s Office (ICO)

Question 44

What does the Freedom of Information Act enable?

Answer 44

The Freedom of Information Act 2000 is an Act of the Parliament of the United Kingdom that creates a public “right of access” to information held by public authorities.

Question 45

What are the benefits of using external data sources such as BCIS etc?

Answer 45

• Industry wide data
• Standardisation
• Data management

Question 46

How do you ensure the data that you hold on your clients is kept secure and confidential ?

Answer 46

• We use an only system to carry out checks
• Operate a clear desk policy
• Shredding of details etc
• Two factor authentication of IT systems

Question 47

How do you ensure the data that you hold on your clients is kept secure and confidential ?

Answer 47

• We use an only system to carry out checks
• Operate a clear desk policy
• shredding of details etc
• Two factor authentication of IT systems

Question 48

How long do you keep client’s data and how do you ensure it is deleted when necessary?

Answer 48

Dependent on the type of data and the contract
• Under hand - 6 years
• Under deed - 12 years
• Limitations act – 15 years

Question 49

What are the 8 rights under GDPR ?

Answer 49

The Right to Information
The Right of Access
The Right to Rectification
The Right to Erasure
The Right to Restriction of Processing
The Right to Data Portability
The Right to Object
The Right to Avoid Automated Decision-Making

Question 50

What is the new data protection legislation in the UK ?

Answer 50

UK GDPR

Question 51

What types of breaches are there under GDPR ? DDA

Answer 51

• Disclosure
• Destruction
• Alteration

Question 52

What is personal information ?

Answer 52

• Address
• DOB
• Bank details

Question 53

What is sensitive information/data ?

Answer 53

• Medical records
• Sexual orientation

Question 54

What is copyright ?

Answer 54

Copyright is an intellectual property right assigned automatically to the creator. It prevents unauthorised copying and publishing of an original work. Copyright applies to research data and plays a role when creating, sharing and reusing data.

Question 55

What is EDM?

Answer 55

Electronic Document Management

Question 56

Who would usually own the copyright of a valuation report?

Answer 56

The surveyor, the client is licensed to copy it in connection with the purpose

Question 57

What key legislation relates to data protection in the UK?

Answer 57

Data Protection Act 2018

Question 58

Who does the DPA 2018 apply to?

Answer 58

Data controllers and processors

Question 59

Could a Professional Indemnity Claim be based on lost or corrupted data?

Answer 59

Yes