Optional - Data Management (L3)

Question 1

What is GDPR?

Answer 1

GDPR is the General Data Protection Regulation (2016), that came into effect on the 25th May 2018. It aims to create a single data protection regime for the European Union

Question 2

What Act Implemented the GDPR in the UK?

Answer 2

The Data Protection Act (2018), which replaces the Data Protection Act 1998 after 20 years.

Question 3

What do you need to do if you have a data breach?

Answer 3

Notify the Information Commissioners Office (ICO) within 72 hours of the breach occurring.

Question 4

What are the fines for non-compliance with UK GDPR?

Answer 4

For serious breaches of the data protection principles, ICO power to issue fines of up to £17.5 million or 4% of your annual worldwide turnover, whichever is higher

Question 5

What are the 8 Individual Rights Under GDPR?

Answer 5

1. Right to Be Informed of info being held
2. Right of Access
3. Right of Rectification
4. Right to Erasure
5. Right to Restrict Processing
6. Right to Data Portability
7. Right to Object
8. Right to Automated Decision Making

BARE ROPA

Question 6

When was the Freedom of Information Act Enforced, and what does it do?

Answer 6

The freedom of information Act came into effect in 2000, it allows an individual to request access to information held by a public body. The public body is required to provide that information (normally in 20 working days) in the requested format, however they can charge a fee for this.

Question 7

Give me an example of how your company is compliant with GDPR

Answer 7

On marketing emails, we give people the right to be removed from our database.

Question 8

Does your company tell people how their data is stored?

Answer 8

Yes, our website gives detail on our ‘Fair Processing Notices’ which outlines:
* our purpose of collecting personal data
* how to unsubscribe from marketing communication
* special catergories of data are necessary for fulfilling legal obligations relating to AML

Question 9

What Act Implemented the GDPR in the UK?

Answer 9

The Data Protection Act (2018), which replaces the Data Protection Act 1998 after 20 years.

Question 10

What is GDPR?

Answer 10

GDPR is the General Data Protection Regulation (2016), that came into effect on the 25th May 2018 as part of the UK Data Protection Act.

It aims to create a single data protection regime for the European Union

Question 11

What do you need to do if you have a data breach?

Answer 11

Notify the Information Commissioners Office (ICO) within 72 hours of the breach occurring.

Question 12

What are some examples of data security technologies?

Answer 12

Disk encryption (encrypting data on a secure hard disk drive)
regular back-ups offsite
password protection
use of anti-virus software protection
firewalls
VPNS (Virtual Private Networks)

Question 13

What is a firewall?

Answer 13

Network security device that monitors traffic to or from your network

Question 14

What is copyright?

Answer 14

A set of exclusive rights granted to the author or creator of any original work inc. the right to copy. Form of intellectual property

Question 15

What is triangulation?

Answer 15

Triangulation is the process of verifying data from multiple sources to validate any data collected

Question 16

Who polices the Data Protection Act and UK GDPR?

Answer 16

Information Commissioners Office (ICO)

Question 17

What are the individual rights under UK GDPR? (8)

Answer 17

1. Right to be informed
2. Right of access
3. Right to rectification
4. Right to erasure
5. Right to restrict processing
6. Right to data portability
7. Right to object
8. Right to automated decision-making and profiling.

Question 18

What are the principles of the UK GDPR? (5)

Answer 18

Personal data must be
1. processed lawfully, fairly and in a transparent manner
2. collected for a specific and legitimate purpose
3. accurate and kept up to date
4. kept no longer than necessary
5. processed in a secure manner.

Question 19

What is the link between UK GDPR and Data Protection Act 2018?

Answer 19

When UK left EU in 2016, it formed its own regulations, the UK GDPR which is covered by the Data Protection Act 2018

Question 20

What is the aim of the UK GDPR/Data Protection Act 2018?

Answer 20

Aims to create a single data protection regime affecting businesses and empowering individuals to take control of how their data is used by third parties

Question 21

What is an SAR?

Answer 21

Subject Access Request – Demand that the individual be given all the information that a company holds on them.

Question 22

When was the Freedom of Information Act Enforced, and what does it do?

Answer 22

The freedom of information Act came into effect in 2000, it allows an individual to request access to information held by a public body. The public body is required to provide that information (normally in 20 working days) in the requested format, however they can charge a fee for this.

Question 23

What are some of the requirements of the UK GDPR/Data Protection Act 2018? (4)

Answer 23

1. Obligation to conduct data protection impact assessments for high-risk holding of data
2. Data controllers decides how and why personal data is processed and is directly responsible for GDPR
3. ‘Data Accountability’ ensures that organisations can prove to the ICO how they comply with the new regulations
4. Data security breaches need to be reported to the ICO within 72 hours where there is a loss of personal data and a risk of harm to individuals.

Question 24

What is the Freedom of Information Act 2000? (2)

Answer 24

Give individuals right of access to information held by public bodies. Public body is required to supply it within 20 working days

Question 25

Are there any exemptions to the Freedom of Information Act 2000? (2)

Answer 25

1. If something is contrary to the UK GDPR
2. If something would prejudice a criminal matter under investigation.

Question 26

How does an NDA work?

Answer 26

legally enforceable contract between two parties relating to sensitive information

Question 27

What is included in an NDA?

Answer 27

1. parties
2. definition of what is deemed confidential
3. scope of confidentiality
4. exclusion of confidentiality
5. signatures

Question 28

Who is bound by the NDA - the signatory or whole company?

Answer 28

Whole company

Question 29

How does your firm keep its data secure?

Answer 29

1. Regular password changes, regular back-ups of site (daily – through ‘OneDrive’)
2. not allowed external hardware e.g. USB
3. two-factor authentication and log-in
4. restricted file access

Question 30

How can you keep a confidential folder safeguarded?

Answer 30

Ensure restricted access, use non-descript project names, store properly.

Question 31

How do you ensure accuracy in your data records?

Answer 31

Through triangulation - method of verifying data and through regular review. Also restricting access to data controllers

Question 32

What country do you store your data in (and does it matter)?

Answer 32

Store in the UK – covered by Data Protection Act 2018 – some countries do not have the same levels of security around data, GDPR etc. outside of the EU for example.

Question 33

Does it make a difference whether a file/folder contains personal data or purely company data?

Question 34

How does a virtual data room comply with GDPR Rules?

Question 35

How do you shut down a data room securely?

Question 36

How do you set up a data room?

Question 37

What is leasing velocity?

Question 38

What are the limitations of using external databases?

Answer 38

• Can’t always confirm accuracy
• Can’t always verify source of information
• Needs to be carefully considered and caveated

Question 39

What are the advantages of external databases?

Answer 39

• Volume of information
• Quick access to information
• Cover areas/data you do not personally hold

Question 40

Are there any proposed developments in Data Management for RICS?

Answer 40

Proposed RICS Professional Statement on Data Handling and the Prevention of Cyber Crime.

Address how surveyors collect, store and use data.

Address cyber risks posed by modern ways of working including portable devices.