Data Management

Question 1

What is triangulation?

Answer 1

Process used to verify data through an alternative source
- Important when considering reliability of a source and risks

Question 2

How have you ensured data is secured safely?

Answer 2

• Regular back ups undertaken off site
• Disk encryption
• Firewalls and disaster recovery procedures
• Using anti-virus protection
• Password protection

Question 3

What is copyright?

Answer 3

Exclusive rights to work provided to the author or creator
- Rights can be assigned and transferred
- Essential to acknowledge any copyright in your own work

Question 4

What is crown copyright?

Answer 4

Refers to material created and prepared by the government, such as laws, public records and OS mapping

Question 5

What is Data Management?

Answer 5

The practice of collecting, storing and using data securely, efficiently and cost effectively

Question 6

What is hard and soft data?

Answer 6

Hard - quantifiable
Soft - less measurable - e.g. opinions

Question 7

What is an information barrier?

Answer 7

Physical or electronic barrier which prevents the transmission of information between individuals or firms

Question 8

What is GDPR?

Answer 8

EU General Data Protection Regulations (2016)

Question 9

What is the Data Protection Act (2018)

Answer 9

UK implementation of GDPR

Question 10

When did the Data Protection Act come into force?

Answer 10

25th May 2018 - replace 1998 DPA

Question 11

What is the purpose of GDPR?

Answer 11

Harmonise data protection across the EU
Alter how personal data is managed and handled to ensure stricter regulation

Question 12

How have consent conditions been strengthened under GDPR?

Answer 12

Consent must be given with the purpose of data processing attached to that consent
- It must be as easy to give consent as it is to reverse it

Question 13

When did GDPR come into force?

Answer 13

25th May 2018

Question 14

What is the role of the Data Protection Act?

Answer 14

Controls how personal information is used by organisations, businesses and the government
- Also govern data protected by GDPR

Question 15

Is there any RICS guidance on Data Management?

Answer 15

(Archived) RICS Guidance Note - Electronic Data Management

Question 16

Why did the Data Protection Act come into force?

Answer 16

• 1999 - Respond to the rise of Data
• 2018 - incorporate new GDPR regulation s

Question 17

What are the key principles of GDPR / DPA?

Answer 17

Data must be
- Lawful, fair and transparent
- Collected for specified, legitimate and explicit purposes
- Adequate, relevant and limited to necessity
- Accurate and kept up to date
- Kept no longer than required
- Kept safe

Question 18

What are the 8 individual rights under GDPR?

Answer 18

1) To be informed
2) To have access
3) To rectification
4) To erasure
5) To restrict processing
6) To data portability
7) To object
8) To automated decision making and profiling

Question 19

Who does GDPR affect?

Answer 19

All companies who hold date EU data

Question 20

Who polices and regulates GDPR in the UK?

Answer 20

Information Commission Office (ICO)

Question 21

What are the penalties under GDPR and DPA?

Answer 21

Greater of 4% annual turnover or 20m euros

Question 22

What should you do in the event of a GDPR breach?

Answer 22

Report to the ICO in 72 hours

Question 23

What is the right to be forgotten?

Answer 23

Article 17
Individuals have the right to have personal files erased if:
- Data no longer required
- Data has been processed unlawfully

Question 24

What is data portability?

Answer 24

Right for a data subject to receive personal info concerning them which they have provided and transmit data to another controller

Question 25

What is privity by design?

Answer 25

Legal GDPR requirement
- Requires data protection from onset of designing a system, rather than in addition

Question 26

What is a data controller?

Answer 26

Decides how and why personal data is processed and is directly responsible for GDPR

Question 27

What is a data processor?

Answer 27

Someone who processes data on behalf of and in accordance with a data controller instruction

Question 28

What is a data subject?

Answer 28

Individual whose data is about

Question 29

What is a data protection officer?

Answer 29

Person responsible for compliance with data protection regulations - monitor and ensure internal compliance

Question 30

What constitutes personal data?

Answer 30

Any information relating to a person that identifies that person
e.g. photo, name, email, bank details

Question 31

What are examples of personal data under GDPR that relate to property companies?

Answer 31

• Details of fund managers
• Data relating to managers
• Background checks
• Valuations

Question 32

What is the right to access?

Answer 32

Individuals have the right to obtain conformation that their data is being processed - access to their personal data

Question 33

What is a GDPR breach notification?

Answer 33

Duty under GDPR - must report breach in writing within 72 hours
If breach means an individuals rights or freedom may be impacted - must be reported straight away

Question 34

How are breaches discovered?

Answer 34

• Loss of equipment
• Access logs
• Theft
• Serious data security incident

Question 35

What are examples of data held by surveying firms that are covered under GDPR?

Answer 35

• Emails
• Other records
• Customer info held for marketing
• Data held to service client - e.g. bank details

Question 36

What are obligations imposed by GDPR?

Answer 36

• Having knowledge of data held and processed
• Ability to delete every instance of an individuals data
• Demonstrate compliance in managing data
• Prove how info is being used
• Offer data portability

Question 37

What is RICS guidance for GDPR compliance?

Answer 37

• Conduct data reviews
• Encrypt
• Keep data anonymous
• Understand data processes

Question 38

What is Workman’s policy for data protection?

Answer 38

Comply with GDPR / DPA
- Report any breaches to data officer in 72 hours - or line manager

Question 39

What is a privacy notice?

Answer 39

Identify who data controller and data protection officer is
Also should include:
- What information is held
- What information is used for
- Which 3rd parties may you share information with
- How long info is held
- What legal right a firm has

Question 40

What is a SAR?

Answer 40

Subject Access Request
- Demand that an individual be given information a company holds about them

Question 41

What is the Freedom of Information Act (2002)?

Answer 41

Gives individuals the right to request information held by public bodies
Public body must
- Confirm whether they hold the info
- Provide the info in 20 days of request

Question 42

Can you provide an example of when you handle confidential information?

Answer 42

Data input forms - add, amend and remove data
Sending info to solicitors - use secure data room
Anonymise employee liability info for TUPE
Password and account for management systems

Question 43

How do you protect data when transferring to a client?

Answer 43

• Encryption and password protection
• Recorded special delivery
• Using secure network and software

Question 44

What is an encryption?

Answer 44

Mathematical function that encloses data in a way where only authorised users can access it

Question 45

What is a firewall?

Answer 45

Secure network system which monitors and controls incoming and outgoing traffic based on predetermined rules

Question 46

When do you extract data in your role?

Answer 46

Using leases to fill out new lease forms
- Form filled out and sent securely to senior team member to sense check.
- Then sent to data team to securely upload to TRAMPS
- Data then held securely using password protection

Question 47

What management systems do you use?

Answer 47

TRAMPS
SharePoint
vroom
Horizon
EFS
Quooda /Meridian

Question 48

What is an ISO 9001?

Answer 48

Set out requirements for how firms should control data and documents relevant to the service they provide

Question 49

Can you provide an example of a property information tool?

Answer 49

Government search website - title register
vRoom
Horizon
TRAMPS

Question 50

What do you know about the retention of files under the Business Limitations Act 1980?

Answer 50

Legal Action must be brought within 6 years of issue arising
Business have responsibility to hold records for 6 years after they expire

Question 51

What do you know about the Privacy and Electronic Regulations (2005)?

Answer 51

Unlawful to transmit automated recorded message for marketing via telephone, unless prior consent of subscriber provided

Question 52

How do I ensure data is kept securely?

Answer 52

Restrict access via password protection
Firewalls - prevent hacking
Undertake training
Don’t share confidential info and anonymise

Question 53

What is AVM?

Answer 53

Automated Valuation Model
Use data on property database to calculate property value

Question 54

What guidance does the RICS provide on AVM?

Answer 54

RICS Roadmap: Automated Valuation Model Roadmap for RICS Members and Subscribers

Question 55

Why has the use of AVM been growing?

Answer 55

Increased availability of data
Avoid litigation costs associated with personal error

Question 56

What is an electronic document management system?

Answer 56

Type of software which stores, organises and manages documents in the form of electronic files e.g. SharePoint

Question 57

What makes a land register plan compliant?

Answer 57

• Correct scale 1:100, 1:200 - noted on plan
• Have scale measurement bar
• Include a 1:1250 scale map of location
• Full address
• North point
• Demise in red outline

Question 58

What is the Land Registry Act (2002)?

Answer 58

Framework for electronic property surveying
- All freeholds or leases over 7 years must be registered
- Adverse possession - 10 years +
- Aim to have also property registered electronically by 2030

Question 59

What are deeds & Registered Titles?

Answer 59

Deed - physical document declaring persons legal ownership
Registered title - ownership recorded with land registry electronically

Question 60

Are signatures accepted by the Land Registry?

Answer 60

Yes, if witnessed since July 2020

Question 61

What documents can be signed electronically?

Answer 61

• Deeds - if witnessed
• Contracts

Question 62

How do I comply with Workman’s data protection policy?

Answer 62

• Understand sensitive and protected data
• Don’t share confidential data
• Anonymise data
• Report breaches

Question 63

How do you protect and handle confidential information?

Answer 63

• Use document management system - add amend and remove data
• Upload files to secure data room
• Anonymise information
• Password protection

Question 64

How do you use TRAMPS and Horizon?

Answer 64

• Securely load data onto systems through DI forms
• Manage information on tenants and accounting information
• Tenant and client info stored
• Run reports
• Password protected

Question 65

Why is it important to hold accurate information?

Answer 65

• Effectively manage property
• Ensure rent demands etc sent out timely and that information provided to clients is accurate
• Comply with GDPR/DPA

Question 66

Talk me through your use of Quooda and Meridian?

Answer 66

• Secure data site for Health and Safety info - password protected
• Monitor H&S info and data at a property level
• Monitor statutory compliance - linked to my email which provides notification if document expires or is non-compliant
• Monitor progress in ensuring compliance following Risk Assessments

Question 67

What reports do you run?

Answer 67

• Tenancy schedules
• Arrears reports
• Service Charge expenditure reports
• Debtor payment histories

Question 68

What recommendations do you provide from reports?

Answer 68

• Arrears - CRAR recommendations
• Review SC expenditure 3 months before year end. Shows provision available for energy enhancement measures found in a Sustainability Report commissioned.

Question 69

How do you ensure data held is accurate?

Answer 69

• Data verification
• Check against original documents
• Error check data uploads with senior colleagues and data team

Question 70

How are the management systems you use kept secure?

Answer 70

• Encryption
• Firewalls
• Password protection

Question 71

What are your KPIs for uploading data?

Answer 71

• 7 days from receipt
• Data input tracker used to track when info received, uploaded by data team and relevant accounts work complete
• Client kept informed throughout

Question 72

How do you review arrears?

Answer 72

• Use TRAMPS/Horizon - able to see tenant payment
  and financial history
• Money received allocated by credit control and reflected on system

Question 73

How do you review SC expenditure?

Answer 73

Run service charge expenditure report on TRAMPS / Horizon

Question 74

How do you review leases?

Answer 74

• Solicitor data site
• If any info missing, liaise with solicitors and have info uploaded securely

Question 75

Can you explain Workman’s EFS?

Answer 75

Electronic Filing System
- Secure system with info held e.g. budgets, recs, contracts etc

Question 76

What would you do if someone wanted to view CCTC footage?

Answer 76

a) receive request,
b) check with data protection officer if unsure,
c) notify police if required and
d) ask subject to complete SAR whilst you await advice from DPO?

Question 77

How long can you hold data?

Answer 77

No limit - no longer than necessary
- As agreed with data subject
- Depends on several factors
- Is it a current project
- No you need them to justify fees
- Required for litigation?

Question 78

If a lease was assigned, how long should you hold the assignors info on your system?

Answer 78

Depends on the terms
- If an AGA in place - hold details until the end of the lease
- Same for privity of contract
- Could be argued that info can be held until arrears cleared

Question 79

How can you upload /share data and how do you know its allowed?

Answer 79

Firms privacy policy - dictates what info is held, how processed and how shared with 3rd parties
Time it may be allowed - property sale
- Privacy notice issued to all tenants

Question 80

Why do you undertake a data verification?

Answer 80

• New portfolio - lots of data - to ensure it was accurate
• Ensure data being held is necessary
• Comply with GDPR

Question 81

How was the new data kept secure?

Answer 81

Held on solicitor data room
- Encryption and firewall
- Password protected
- I was given username and password
Loaded in compliance with Workman processes to ensure safety

Question 82

What info was held on the data site?

Answer 82

• Leases
• Title
• Sc budgets and recs
• H&S docs

Question 83

How is info kept secure in our office?

Answer 83

Follow privacy policy
- understand what info is held and why
- understand who info can be shared with
- ensure protection - password / encryption
- IT implementations - Firewalls

Question 84

When are firms exempt from GDPR?