Data Management Flashcards

1
Q

What is GDPR?

A

EU General Data Protection Regulation 2016 (GDPR)

2
Q

What is the Data Protection Act 2018?

A

The UK's implementation of GDPR

3
Q

When did the Data Protection Act come into force?

A

25th May 2018 -> replaced Data Protection Act 1998

4
Q

Is there any RICS guidance on Data Management?

A

(archived) RICS Guidance Note - Electronic Document Management

5
Q

When did GDPR come into force?

A

May 2018 (same as DPA 2018)

6
Q

Why was the Data Protection Act 2018 introduced?

A

1998 Act -> brought in to cover modern data and technology
2018 Act -> to incorporate new EU GDPR legislation

7
Q

What are the principles of GDPR and DPA 2018?

A
  • Information used lawfully, fairly and transparently
  • Collected for specified, explicit, and legitimate purposes
  • Adequate, relevant and limited to necessity
  • Accurate (kept up to date)
  • Kept no longer than necessary
  • Kept safe
8
Q

What are the individual rights under GDPR and DPA 2018?

A
  • To be informed
  • To access
  • To rectification
  • To erasure
  • To restrict processing
  • To data portability
  • To object
  • To automated decision making and profiling
9
Q

What are the penalties under GDPR and DPA 2018?

A

Fines (4% of annual global turnover or 20 million Euros)

10
Q

What is the purpose of GDPR?

A

Protect citizens' data

11
Q

What constitutes personal data?

A

Information relating to a person that can be used to identify that person

e.g. names, photo, email, bank details, IP address

12
Q

Give some examples of personal data under GDPR that could apply to property companies

A
  • Data relating to investors
  • Fund managers
  • Valuations
  • Compliance
  • Bookkeeping payroll
  • Background checks
  • HR
13
Q

To what organisations does GDPR apply?

A

All organisations

13
Q

Are any organisations exempt from GDPR?

A

Exceptions for organisations with fewer than 250 employees

Private individuals not engaged in business activities

14
Q

What is the ‘right to access’ under GDPR?

A

Individuals have the right to obtain confirmation that their data is being processed, access to their personal data and other supplementary information

15
Q

What is a breach notification under GDPR?

A

GDPR introduces a duty on all organisations to report certain data breaches to the relevant supervisory authority within 72 hours of becoming aware of the breach

  • Where the breach is likely to result in a high risk of adversely affecting individuals' rights and freedoms, they must be informed without delay
15
Q

How are breaches often discovered?

A

Access logs, reported thefts, lost equipment, or data security incident

16
Q

How have consent conditions been strengthened under GDPR?

A

- Consent must be given with the purpose for data processing attached to that consent
- Consent must be clear and indistinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language
- It must be as easy to withdraw consent as it is to give it

17
Q

What is the right to be forgotten under GDPR?

A

Under Article 17 of the GDPR, individuals have the right to have personal files erased in certain circumstances

  • i.e. data is no longer necessary for original purpose
  • Data has been processed unlawfully
18
Q

What is data portability?

A

Introduced by GDPR
- The right for a data subject to receive personal data concerning them which they have previously provided in a ‘commonly used and machine-readable format’ and have the right to transmit that data to another controller

19
Q

What is privacy by design?

A

Legal requirement under GDPR
- Calls for the inclusion of data protection from the onset of designing systems, rather than as an addition

20
Q

What is a data protection officer?

A

An individual appointed to monitor internal compliance, inform and advise on an organisation's data protection obligations

Only required if the organisation is a public body or authority or if the organisation carries out certain types of processing activities

21
Q

Provide some examples of types of data held by surveying practices that are covered under GDPR?

A
  • Data held to help service a Client (accounting info, compliance systems)
  • Emails and other correspondence
  • Other physical records held on file
  • Customer data held for marketing purposes
22
Q

What are the obligations imposed by GDPR?

A
  • Must have knowledge of the data you store and process (including its location and security)
  • Have to be able to delete every instance of an individual's data
  • Must demonstrate compliance in managing data
  • Must be able to prove how information is being used
  • Must offer data portability
23
Who regulates GDPR in the UK?
The Information Commissioner's Office
24
What are the RICS best practice points for compliance with GDPR?
- Conduct data reviews to understand risks
- Anonymise data where possible
- Encrypt where possible
- Create breach policy response
- Treat commercial data as personal data (even though not covered under GDPR)
- Understand data processes
25
What is your company's policy for data protection?
Suspected breaches should be reported to the individual line managers or the firm's data protection officer
26
What is RICS best practice recommendations for using confidential information?
- Think about whether the information held is personal information or confidential information
- Document processes for which you hold information and gaining consent to hold
- Keep a record of consent for processing, storage and retention
- Check if you have appropriate contractual clauses for use of the information or the data used is owned or licenced for that use
27
What should be included in a firm's privacy notice?
- What information you have
- What information will be used for
- Which third parties you might share the information with
- How long information is being kept for
- What legal right the firm has
28
What is SAR?
Subject Access Request - Demand that the individual be given all the information a company holds on them
29
What is the Freedom of Information Act and when did it come into force?
Freedom of Information Act 2000
- Gives individuals the right of access to information held by public bodies
- Public body must supply it in 20 working days (can charge a fee)
30
What is required for a Land Registry Compliant Plan?
- Drawn to scale of 1:100 or 1:200
- Have a scale measurement bar
- Have the scale noted on a plan
- Include a 1:1250 scale map of the location
- Full address
- North point
- Demise in red outline
31
What are the provisions of the Land Registry Act (2002)?
- A framework for the electronic property surveyancing
- All freeholds and leases over 7 years must be registered
- New regime for adverse possession (over 10 years)
- Works towards Land Registry's goal of having all property registered electronically by 2030
32
How do you comply with GDPR in your role?
- I report suspected breaches
- I do not give out confidential or personal information
- I keep records of consent for processing, storing and retaining data
- I understand the information we hold that is protected by GDPR
33
Give me an example of how you process and handle confidential information?
- I use document systems to add, amend and remove information
- Data input forms
- When sending information to solicitors, I ensure files are uploaded to a secure data room
- Anonymised ELI information for TUPE
- Password and account to enter management systems
34
What does encryption mean?
Mathematical function that encodes data in such a way that only authorised users can access it
35
What is a firewall?
Network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules
36
Tell me about how you extract data from a source regularly used in your role
Extract data from leases and enter into a new lease input form. This is securely sent to Data Input who then upload the information to TRAMPS where the data is held securely for those with password access
37
What is ISO 9001?
Sets out the requirement on how firms should control data and documents relevant to the service they provide
38
What is the difference between a deed and a registered title?
- Deed is a physical document declaring a person's legal ownership
- Registered title is ownership recorded with Land Registry electronically
39
Give me an example of a property information tool
- Government search website - title register
- Sharepoint
- vRoom
- Horizon
- TRAMPS
40
Can you tell me about the retention of files and the Limitations Act 1980?
Section 5 of Limitations Act 1980 says legal action must be brought within 6 years of issue arising
- Businesses then have a responsibility to keep documents for at least 6 years after they expire
41
What does the Privacy and Electronic Communications Regulations 2003 apply to?
Makes it unlawful to transmit an automated recorded message for direct marketing purposes via telephone, without the prior consent of the subscriber
42
Give me an example of how you ensure that data is kept securely
- Access is restricted to users by password
- Firewalls in place by IT team to protect against hacking
- Appropriate training undertaken to understand processes
43
What is an AVM?
Automated Valuation Model - Mathematical / Statistical modelling with databases of existing properties and transactions to calculate real estate values
44
Does RICS provide any guidance on AVM?
RICS Road Map: Automated Valuation Models Roadmap for RICS members and stakeholders, 2021
45
Explain the growing use of AVMs in the industry?
Use of computer modelling in the science of valuation has merit in a world with increased availability and use of data - may reduce expensive litigation
46
Are electronic signatures accepted by the Land Registry?
Yes, witnessed electronic signatures accepted from July 2020
47
What type of documents can be signed electronically?
- Deeds - must be witnessed
- Contracts
48
What is an Electronic Document Management System?
Type of software that stores, organises and manages documents in the form of electronic files -> Sharepoint