Data Management Flashcards

1
Q

What legislation can you name that applies to data protection in the UK?

A

The Data Protection Act 2018.
UK General Data Protection Regulation (GDPR).

2
Q

What is the Data Protection Act 2018?

A

The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).

It controls and stipulates how personal information is used by organisations, businesses and the government.

These parties must follow data protection principles which stipulate that information is:
1. Used fairly, lawfully and transparently.
2. Used for specified, explicit purposes.
3. Used in a way that is adequate, relevant and limited to only what is necessary.
4. Accurate and, where necessary, up to date.
5. Kept for no longer than necessary.
6. Handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage.

The act also strengthens the protection for sensitive information such as race, political opinions, religious beliefs etc.

Gives individuals rights to be notified of a data hack, request information an organisation has about them and request a copy of the information that they have (with exceptions - if it relates to prevention, detection or investigation of a crime or national security etc.).

3
Q

What happens if a firm is in breach of the Data Protection Act 2018?

A

£17.5 million or 4% of the total annual worldwide turnover in the preceding financial year, whichever is higher.

The Act does stipulate some exceptions to breach: processing for journalistic and academic purposes, to allow freedom of expression and a right to privacy.

4
Q

What does the Data Protection Act 2018 recommend organisations do to keep data safe?

A

Carry out a data protection impact assessment to determine risks inside and outside of an organisation.

Employ an independent data protection officer to monitor internal compliance (actually compulsory for public organisations).

5
Q

What is personal data?

A

Personal data refers to any information which can be connected to an identifiable living individual such as a name or ID number. It can also include biometric data which is generated through specific processing related to the physical, physiological or behavioural characteristics of an individual, enabling easy identification from DNA, fingerprints or facial recognition software.

6
Q

What is processing?

A

Processing relates to any operation which is carried out on personal data, including recording, storing, altering or disclosing it to others as well as its restriction, erasure or destruction.

7
Q

What is an identifiable living individual under the Data Protection Act 2018?

A

An identifiable living individual is defined within the Act as someone who can either directly or indirectly be identified by particular reference to an identifier, such as their name, ID number or location data, for example an IP address.

8
Q

What is a controller under the Data Protection Act 2018?

A

An individual who decides how and why data will be processed, either operating alone or in conjunction with others. Before data is processed, the controller is responsible for considering the impact the proposed processing could have on the rights and freedoms of the individuals whose information will be affected.

9
Q

What is a processor under the Data Protection Act 2018?

A

They report to the controller. A processor is responsible for processing personal data on their behalf, although they retain accountability for any information they process and could be found liable if a data breach occurs.

10
Q

Under the Data Protection Act 2018 how quickly should an organisation release a copy of data upon request of an individual?

A

As soon as possible, but no later than a month after receiving the request for information.

11
Q

What authority enforces information rights in the UK?

A

ICO - Information Commissioner’s Office

12
Q

What principles does the UK GDPR set out?

A

Lawfulness, fairness and transparency – leave the individual fully informed

Accuracy – where necessary kept up to date, erase inaccurate personal data without delay

Data minimisation – collect the minimum data you need

Storage limitation – Retain the data for a necessary limited period and then erase

Purpose limitation – must inform your clients about the purpose of the data collection

Accountability – Record and prove compliance

Security - Integrity and confidentiality – Keep it secure, locked filing cabinet or firewall

13
Q

How have you changed the way you managed data during COVID-19 and home working?

A

Only use company-owned work equipment, and storage of hard copies of files is limited to the office.

Regular updates for passwords etc.

Log into secure intranet - no files downloaded locally.

14
Q

How do you ensure the data that you hold on your clients is kept secure and confidential?

A

Limit access to sensitive data
Use smart passwords to resident details
Firewalls and antivirus protection
Dedicated server
Stay on top of security updates

15
Q

Why do you keep company data for 12 years?

A

It is a requirement of our PII insurance that all contracts under deed are kept for a minimum of 12 years and under hand for 6 years. I am aware of the Limitation Act, under which claims can be brought up to 15 years after the act of negligence.

16
Q

What should you do if there is a data breach?

A

Inform the Information Commissioner’s Office not later than 72 hours after becoming aware of it.

17
Q

Can you give me some examples of the data you manage?

A

Client details
Finances
Contact details
Project details
Complaints

18
Q

What are the GDPR rights?

A

The UK GDPR provides the following rights for individuals:
* The right to be informed
* The right of access
* The right to rectification
* The right to erasure
* The right to restrict processing
* The right to data portability
* The right to object
* Rights in relation to automated decision making and profiling

19
Q

What is the process if there is a data breach?

A

The UK GDPR introduces a duty on all organisations to report certain personal data breaches to the relevant supervisory authority. You must do this within 72 hours of becoming aware of the breach, where feasible.

If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, you must also inform those individuals without undue delay.

You should ensure you have robust breach detection, investigation and internal reporting procedures in place. This will facilitate decision-making about whether or not you need to notify the relevant supervisory authority or the affected individuals, or both.

You must also keep a record of any personal data breaches, regardless of whether you are required to notify.

20
Q

What information databases do you use for your work?

A

BCIS
BRE
Planning portal
NBS product specifier
Government EPC database

21
Q

What is BCIS?

A

The Building Cost Information Service provides cost and price data for the UK construction industry. It is a part of the Royal Institution of Chartered Surveyors.

It offers numerous product datasets, such as the BCIS Schedule of Rates.

22
Q

What is BRE?

A

BRE is an independent and impartial, research-based advisory, testing and training organisation, offering expertise in every aspect of the built environment and associated industries.

It undertakes and publishes research to help tackle the current and future challenges of the built environment.

23
Q

Where does BCIS collect its data from?

A

From information submitted by its members. In return they get a benchmark and a TPI (Tender Price Index) report.

24
Q

What is Tender Price Index?

A

Measures the trend of contractors’ pricing levels in accepted tenders. BCIS offer this as a service.

25
Q

What are the benefits of using external data sources such as BCIS etc?

A

Industry wide data
Standardisation
Data management

26
Q

How do you ensure the data that you hold on your clients is kept secure and confidential?

A

We use an only system to carry out checks
Operate a clear desk policy
Shredding of details etc
Two factor authentication of IT system

27
Q

How long do you keep clients’ data and how do you ensure it is deleted when necessary?

A

Dependent on the type of data and the contract
* Under hand - 6 years
* Under deed - 12 years
* Limitation Act – 15 years

28
Q

What is BIM?

A

Building Information Modelling.

Building Information Modelling (BIM) is the holistic process of creating and managing information for a built asset. Based on an intelligent model and enabled by a cloud platform, BIM integrates structured, multi-disciplinary data to produce a digital representation of an asset across its lifecycle, from planning and design to construction and operations.