Matt - Data management - Level 1

Question 1

What is the Commissioners for Revenue and Customs Act (2005)?

Answer 1

It is the Act that introduced HM Revenue and Customs, and it also covers details about the role of the Valuation Office Agency.

Question 2

Can you list some sections of the Commissioners for Revenue and Customs Act (2005) and what they relate to?

Answer 2

Section 7 - Details how the VOA compiles and maintains Valuation Lists and Rating Lists

Section 10 - Details the list of clients that the VOA may act for such as for HMRC or other public bodies

Section 17 - Sharing of information between HMRC and VOA

Section 18 - Sharing of information outside of VOA

Section 19 - Criminal offence to disclose information that can identify an individual

Question 3

What does the Commissioners for Revenue and Customs Act (2005) detail about information sharing?

Answer 3

Information sharing can only be done if it is reasonable and proportionate to do so, and there is a duty of confidentiality.

Question 4

What is the Data Management Act (2008)?

Answer 4

Sorry, this is a mistake on my submission. I mean the Data Protection Act (2018)

Question 5

What is the Data Protection Act (2018)?

Answer 5

This is the UK’s implementation of the General Data Protection Regulations

Question 6

What is the purpose of the Data Protection Act (2018)?

Answer 6

It gives people the right to be informed about how their personal information is used

Question 7

What are the 7 data protection principles for the Data Protection Act (2018)?

Answer 7

1. Lawfulness, fairness and transparency
2. Legitimate interest (purpose limitation)
3. Data minimisation (adequate, relevant and not excessive)
4. Accurate and up to date
5. Storage limitation (don’t keep for longer than necessary)
6. Confidentiality
7. Accountability

Question 8

What are potential fines for data protection breaches?

Answer 8

1. Warning
2. Restrictions on data processing
3. Fine of up to 4% of annual turnover of the company or £17.5m, whichever is greater

Question 9

How do you and your firm ensure that data is kept secure?

Answer 9

1. Firewalls
2. Strong passwords / 2FA
3. Encryption
4. VPNs

Question 10

What would you do if data was breached?

Answer 10

1. Inform the Data Protection Officer within 72 hours
2. Give as many details as possible

Question 11

What are the General Data Protection Regulations (2018)?

Answer 11

A europe wide law setting out how organisations need to handle personal data from May 2018

Question 12

What does GDPR relate to?

Answer 12

Personal data - any information relating to an identifiable person

Question 13

What role must all firms have under GDPR?

Answer 13

1. Controller
2. Processor
3. Data Protection Officer

Question 14

What are the 8 individual rights under GDPR?

Answer 14

1. Right to be informed
2. Right of access
3. Right to rectification
4. Right to erase
5. Right to restrict processing
6. Right to portability
7. Right to object
8. Rights in relation to automated decision making and profiling

Question 15

What are the 6 principles under Article 5(1) for GDPR?

Answer 15

1. Processed lawfully and in a transparent manner
2. Collected for specified explicit and legitimate interest
3. Adequate, relevant and necessary
4. Accurate and up to date
5. Not kept longer than necessary
6. Processed in a manner which ensures appropriate security

Question 16

How long should you hold personal data for?

Answer 16

I understand that my organisation hold it for 6+1 years

If data is contained from a contract, then it should be held for 6 years

If data is contained from a deed, then it should be held for 12 years

The longest time would be 15 years for litigation

Question 17

What is the Freedom of Information Act (2000)?

Answer 17

It is an Act which gives individuals:

1. The right to access information held by public bodies
2. Allows access to official information

Question 18

What is the timeframe for a Freedom of Information request and does it need to be in writing?

Answer 18

Within 20 working days of the request and yes.

Question 19

When may a Freedom of Information Request be refused?

Answer 19

1. Contrary to GDPR
2. Too costly or time consuming
3. Prejudice criminal matter under investigation or a persons commercial interest
4. Repeat request

Question 20

What is a Subject Access Request (SAR)?

Answer 20

It is a written request to a company asking for access to the personal information it holds on you.

Question 21

What are some data sources you would use to check statutory functions?

Answer 21

1. Asbestos
2. Flood zone
3. EPC/MEES
4. Land Registry
5. Business rates

Question 22

What is the role of the Controller?

Answer 22

The role of someone that determines the purposes and means of processing the personal data

Question 23

What is the role of the Processor?

Answer 23

Someone who processes personal data on behalf of the controller

Question 24

What is the role of the Data Protection Officer?

Answer 24

A leadership role required by EU GDPR. They are responsible for the data protection approach, strategy and its implementation.