Optional - Data Management (L3)

Question 1

Summary of experience: level one

What is GDPR?

Answer 1

GDPR is the General Data Protection Regulation (2016), that came into effect on the 25th May 2018. It aims to create a single data protection regime for the European Union.

Question 2

Summary of experience: level one

What do you need to do if you have a data breach?

Answer 2

Notify the Information Commissioners Office (ICO) within 72 hours of the breach occurring.

Question 3

Summary of experience: level one

What are the fines for non-compliance with UK GDPR?

Answer 3

Up to 4% of global turnover, or £7.5 million. (Whichever is greater)

Question 4

Summary of experience: level one

What are the principles of Data Protection Act 2018?

Answer 4

• Processed lawfully, fairly and in a transparent manner
• Collected for specified and legitimate purposes
• Accurate
• Not transferred to countries with less info than your own

Question 5

Summary of experience: level one

What are the 8 Individual Rights Under GDPR?

Answer 5

1. Right to Information
2. Right of Access
3. Right of Rectification
4. Right to Erasure
5. Right to Restrict Processing
6. Right to Data Portability
7. Right to Object
8. Right to Automated Decision Making

(IARERDOA)

Question 6

Summary of experience: level one

What is an SAR?

Answer 6

Subject Access Request – Demand that the individual be given all the information that a company holds on them.

Question 7

Summary of experience: level one

What are the principles of UK GDPR?

Answer 7

A. There are six:
(1) Lawfulness, fairness and transparency
(2) Integrity and confidentiality (security)
(3) Accuracy
(4) Data minimization – only collect it when you need.
(5) Purpose Limitation – be specific about the purpose of the data collection
(6) Accountability – record and prove compliance
(7) Storage Limitations – store data for a necessary limited period and then erase

Question 8

Summary of experience: level one

Give me an example of how your company is compliant with GDPR

Answer 8

• When we send out marketing emails to prospective purchasers, we send emails individually rather en masse.
• On marketing emails, we give people the right to be removed from our database
• Privacy notice when we collect data
• Fair Processing Notice on website

Question 9

Summary of experience: level one

Does your company tell people how their data is stored?

Answer 9

Yes, our website gives detail on our ‘Fair Processing Notices’ which outlines:
* our purpose of collecting personal data
* how to unsubscribe from marketing communication
* special catergories of data are necessary for fulfilling legal obligations relating to AML

Question 10

Summary of experience: level one

What is Primary Data?

Answer 10

Data that is collected first hand

Question 11

Summary of experience: level one

What is Secondary Data

Answer 11

Data that we access from third party sources

Question 12

Summary of experience: level one

What are the limitations of Secondary Data?

Answer 12

We cannot verify the accuracy of the data as we did not collect it ourselves

Question 13

Summary of experience: level one

How do you check secondary data?

Answer 13

Get to the source of the data. If the primary data collector is identifiable, try and verify the information directly with them

Question 14

Summary of experience: level one

Has the UK got its own version of GDPR?

Answer 14

DPA 2018 is the primary piece of legislation that replaced DPA 1998 and filled in the blanks that EU GDPR couldn’t specifically address in the UK.

After the Brexit transition period, UK GDPR came into force 01/01/2021. UK GDPR is essentially the same as EU GDPR and must be read in conjunction with DPA 2018.

Question 15

Summary of experience: level one

What is personal data?

Answer 15

Information that makes someone personally identifiable

Question 16

Summary of experience: level one

Who is responsible for DPA/GDPR compliance within a business?

Answer 16

Data Protection Officer (DPO)

Question 17

Summary of experience: level one

How do you keep personal data secure?

Answer 17

• Authenticated access to systems
• Two factor authentification
• Encryption
• Ensure integrity of data collection systems
• Continually evolve and test systems

Question 18

Summary of experience: level one

What should you do if there is a data breach?

Answer 18

• Report to DPO
• If necessary, they will report to ICO within 72 hours
• If there is high risk to indviduals (e.g. leaked hospital records) then you must notify individuals concerned

Question 19

Summary of experience: level one

What does the UK GDPR state about the processing and collection of data from individuals?

Answer 19

Individuals have the right to be informed. You must provide them with privacy information at the time you obtain their data.

Question 20

Summary of experience: level two

For the valuation of a country house hotel in the Scottish Highalnds, what data did you put in Excel?

Answer 20

I exported everything that we collate, but not all of it was relevant. So I cleaned up the data to leave:

• Hotel type: Boutique/Country House/Luxury
• Address: Region and postcode
• Turnover: £1m-£2m
• No. of bedrooms: 20
• Date Sold: within last four years
• Multiple Range

Question 21

Summary of experience: level two

What sort of locations were similar?

Answer 21

• Skye
• Arrochar
• Islay
• Oban

Question 22

Summary of experience: level two

What types of transaction were you looking for?

Answer 22

Other freehold hotel transactions

Question 23

Summary of experience: level two

What was the multiple range did they have?

Answer 23

Between 5x-10x

Question 24

Summary of experience: level two

Why did you look at the apartments on a £ per sq ft basis?

Answer 24

We were valuing the freehold value only. Client was looking to acquire the asset as they only managed it on behalf of owner.

Question 25

Summary of experience: level two

How do you check secondary data?

Answer 25

Get to the source of the data to verify it

Question 26

Summary of experience: level three

You identified that you were not completing trade assessment analysis as part of profits method valuations as efficiently as possible, how were you doing it previously?

Answer 26

Manually adding lines of data together in excel/calculator to summarise data in the format that we wanted to present it

Question 27

Summary of experience: level three

Talk me through the process

Answer 27

• Create a source database that input narrative and translated Christie & Co narrative
• Use VLOOKUP to automatically transcribe source data narrative into our standard narrative
• Use PIVOT to prsent a cumulative view of mulitple lines of data
• Use GETPIVOT to link manipulated data to our trade assessment format

Question 28

Summary of experience: level three

How did you ensure that this was accurate?

Answer 28

• Parallel run of both methods
• Pilot scheme to test validity of process
• Lock down formulas once we’d proven it works

Question 29

Summary of experience: level three

What regulation are you mindful of when receiving interest from multiple parties?

Answer 29

Estate Agents Acts 1979 states that you must disclose all bids in writing to the vendor

Question 30

Summary of experience: level three

How did you determine the credentials of the prospective buyers to meet the goals of the Client?

Answer 30

I am referring to their ability to perform and conclude a deal. This is based on anecdotal evidence from speaking with more experienced Agents in the sector as well as speaking to other professionals in the due dilligence process that may be able to comment e.g. solicitor