Data Management Flashcards

1
Q

What is GDPR?

A

General Data Protection Act 2018

2
Q

What is GDPR for?

A
  • “Harmonise” data privacy laws across Europe
  • Give greater protection and rights to individuals

3
Q

What are the 8 rights of individuals under GDPR?

A
  • Right to be informed
  • Right of access
  • Right to object
  • Right to rectification
  • Right to restrict processing
  • Right to data portability
  • Right to be forgotten
  • Rights in relation to automated decision making and profiling
4
Q

What protection was there for personal data before GDPR?

A

Data Protection Act 1998

5
Q

Who does GDPR affect?

A

All companies that collect or process personal information on EU citizens regardless of where they are based

6
Q

What will happen to GDPR post-Brexit?

A

Govt is working to enshrine them in UK law post-Brexit

7
Q

What’s the difference between GDPR and DPA 98?

A
  • Scope; it’s a binding regulation rather than directive
  • Definition of personal data; now incl location data, genetic info, online identification markers, not just personal details
  • Consent policies; now you must opt-in
  • Data breach; now obliged to report breach
  • Penalties; much more severe. Previously £500k max or 1% annual turnover
8
Q

What are the penalties for non-compliance with GDPR?

A

EU20m or 4% of annual turnover, whichever is higher

9
Q

What are the 6 principles of GDPR?

A
1 Lawfulness, fairness and transparency.
2 Purpose limitation.
3 Data minimisation.
4 Accuracy.
5 Storage limitation.
6 Integrity and confidentiality (security)
(Accountability?)
10
Q

How does your company collect and store data?

A
  • Every month we submit tender returns to admin
  • Data is taken and modelled in monthly tender reports, TPI forecasts etc

11
Q

How do you use historic data for current day projects?

A
  • I ensure it’s relevant information in terms of scope/size etc
  • Use location/date indices to bring it to present day
  • If I’m using it for benchmarking I hide names of the project/ensure client is okay with me using the data
12
Q

Why would you use in-house data over BCIS?

A

As useful as BCIS is, in-house data can be very bespoke if we do the same type of building in the same place regularly (lucky GT is v big firm)

13
Q

What is BCIS?

A

Building Cost Information Service

Cost and price information is collected by BCIS from across the UK construction industry, then collated, analysed, modelled, interpreted and made available to the industry to facilitate accurate cost planning.

14
Q

What’s SPONs?

A

Price book for accurate price data for the UK construction industry.

15
Q

How would you protect data/information?

A
  • Information barrier
  • Clean desk policy
  • Take calls in private
  • Password protect files
  • Encrypted files
  • Sign NDA
16
Q

Who enforces GDPR?

A

Information Commissioner’s Office (ICO).

17
Q

How does your company comply with GDPR?

A
  • Training to ensure awareness
  • Information audit to understand what info we have, where we store it, who shared with
  • Check procedures accommodate rights of individuals (right to delete their info etc)
  • Have procedures in place to detect, report, and investigate a personal data breach