Data Management

Question 1

What does GDPR stand for ?

Answer 1

General Data Protection Regulation (how we collect and process personal data)

Question 2

When did GDPR come into affect ?

Answer 2

25 May 2018 (UK).

Question 3

What are the maximum fines (UK GDPR) , how are the fines calculated?

Answer 3

• £17.5 million or 4% of the total annual worldwide turnover in the preceding financial year, whichever is higher

Question 4

Have you completed any training on GDPR ? what did you learn ?

Answer 4

Yes, please see CPD.

Question 5

What legislation covers data protection in the UK ?

Answer 5

Data Protection Act 2018 and UK GDPR

Question 6

Who does Freedom of Information Act Apply to?

Answer 6

Public right of access to information held by public authorities.

Question 7

Does GDPR apply post Brexit ?

Answer 7

Converted into UK Law on 1st Jan 2021 under the title UK GDPR.

Question 8

What will the changes include (GDPR post Brexit)?

Answer 8

UK government will control the UK GDPR as opposed to the European union.

Question 9

Who oversee information rights in the UK ?

Answer 9

ICO - Information Commissioners Office

Question 10

What happens if you are sharing or processing data from the EU ?

Answer 10

Adhere to :
• UK GDPR
• EU GDPR
• Data Protection Act 2018

Question 11

Who enforces the data protection ?

Answer 11

Information commissioners office - ICO

Question 12

How do you ensure data you hold on clients is kept secure and confidential ?

Answer 12

1) Smart passwords/Firewalls/Anti-virus software.
2) Limit access to sensitive data.
3) Update security

Question 13

What are the 7 GDPR principles? - LADSPAS

Answer 13

• Lawfulness, fairness and transparency – leave the individual fully informed
• Accuracy – where necessary kept up to date, erase inaccurate personal data without delay
• Data minimisation – collect the minimum data you need
• Storage limitation – Retain the data for a necessary limited period and then eras
• Purpose limitation – must inform your clients about the purpose of the data collection
• Accountability – Record and prove compliance
• Security - Integrity and confidentiality – Keep it secure, locked filing cabinet or fire wall

Question 14

How have you changed the way you managed data during COVID 19 and home working ?

Answer 14

1) Only use work equipment
2) The storage of files/documents to be locked away,
3) Regular update on password protected equipment etc.

Question 15

Why do you keep company data for 12 years?

Answer 15

PII insurance requirement (contracts under deed are kept for a minimum of 12 years and under hand for 6 years).

I am aware of the limitation act to claims which can be brought about up to 15 years after the act of negligence.

Question 16

What is project extranet?

Answer 16

Network that allows controlled access from the outside for specific project purposes.

Question 17

What is BIM?

Answer 17

Building Information Modelling. Software creating 3D models that allow industry professionals to better plan, design, construct and mange buildings/infrastructure.

Question 18

What are the disadvantages of BIM?

Answer 18

Very expensive

Lack of use = less experts

Question 19

How does BIM effect your role as a CA?

Answer 19

I’ve not used it but I would imagine that it simplifies the process by theoretically reducing the amount of variations required.

Question 20

What should you do if there is a data breach ?

Answer 20

Inform the Information Commissioner’s Office… no later than 72 hours after becoming aware of it.

Question 21

What are ISO Standards ?

Answer 21

International Organisation for Standardisation.
An international standard setting body of representatives from varying national standards.
• ISO 9000 – Quality Management Systems
• ISO 8000 – Data Quality

Question 22

What is the limitations act ?

Answer 22

The Limitation Act 1980 is an Act of the Parliament applicable only to England and Wales. It is a statute of limitations which provides timescales within which action may be taken for breaches of the law.

Question 23

What year was the Limitation Act published?

Answer 23

1980

Question 24

Can you give me some example of the data you manage ?

Answer 24

• Client details
• Contact details
• Project details
• Complaints

Question 25

What is personal data ?

Answer 25

Personal data only includes information relating to natural persons who: • can be identified or who are identifiable, directly from the information in question; or • who can be indirectly identified from that information in combination with other information.

Question 26

What are a persons right under the Data Protection GDPR rights ?

Answer 26

* The right to be informed * The right of access * The right to rectification * The right to erasure * The right to restrict processing * The right to data portability * The right to object * Rights in relation to automated decision making and profiling

Question 27

What is the process if there is a data breach ?

Answer 27

Duty on all organisation's to report certain personal data breaches to the relevant supervisory authority (72 hours). • If high risk of adversely affecting individuals’ rights and freedoms, you must also inform those individuals without undue delay. • Robust breach detection, investigation and internal reporting procedures in place. • Keep a record of any personal data breaches (regardless of notification).

Question 28

Can you expand on what BCIS is ?

Answer 28

The Building Cost Information Service: •cost and price data for the UK construction industry.

Question 29

What are the principles of the Data Protection Act 2018 ?

Answer 29

``` LADSPAI • Lawfulness, fairness, and transparency. • Accuracy. • Data minimization. • Storage limitation. • Purpose limitation. • Accountability. • Integrity and confidentiality. ```

Question 30

What is the Data Protection Act 2018 ?

Answer 30

Controls how your personal information is used (organisations, businesses or the government).

Question 31

What are the principles of the data protection act ? PCRCDM

Answer 31

* Proportionality * Commitment (Top Level) * Risk assessment * Communication * Due Diligence * Monitor and Review

Question 32

Why is it important that we safeguard information?

Answer 32

Can be used maliciously.

Question 33

What kind of information is 'sensitive' information?

Answer 33

Health records, Financial information Address

Question 34

What are the benefits of using external data sources such as BCIS etc?

Answer 34

* Industry wide data * Standardisation * Data management

Question 35

What does your company do to ensure a clients information is kept secure and confidential ?

Answer 35

* Operate a clear desk policy * Shredding of details etc * Two factor authentication of IT systems

Question 36

How long do you keep client’s data and how do you ensure it is deleted when necessary?

Answer 36

Dependent on the type of data and the contract • Under hand - 6 years • Under deed - 12 years • Limitations act – 15 years

Question 37

What types of breaches are there under GDPR ? DDA

Answer 37

* Disclosure * Destruction * Alteration

Question 38

What is personal information ?

Answer 38

* Address * DOB * Bank details

Question 39

What is sensitive information/data ?

Answer 39

* Medical records | * Sexual orientation

Question 40

Why does using standard templates such as CAD and Reports assist your company?

Answer 40

Flexibility, Easy to update (centrally), Provide consistency = professional Easily tracked and updated.

Question 41

Who are the key persons outlined within GDPR?

Answer 41

1) CONTROLLER (determines purpose and means of processing personal data- EMPLOYER) 2) PROCESSOR- (Processes data on behalf of the controller- call centre) 3) Data Protection Officer (DPO)- Leadership role-overseeing data protection approach, strategy, implementation.