Data Management

Question 1

What is GDPR?

Answer 1

General Data Protection Regulation 2018

Question 2

What is GDPR for?

Answer 2

• “harmonise” data privacy laws across Europe
• give greater protection and rights to individuals.

Question 3

What are the 8 rights of individuals under GDPR?

Answer 3

• Right to be informed
• Right of access
• Right to object
• Right to rectification
• Right to restrict processing
• Right to data portability
• Right to be forgotten
• Rights in relation to automated decision making and profiling

Question 4

What protection was there for personal data before GDPR?

Answer 4

Data Protection Act 1998

Question 5

Who does GDPR affect?

Answer 5

All companies that collect or process personal information on EU citizens regardless of where they are based

Question 6

What will happen to GDPR post brexit?

Answer 6

Govt is working to enshrine them in UK law post-brexit

Question 7

What’s the difference between GDPR and DPA 98?

Answer 7

• Scope; it’s a binding regulation rather than directive
• Definition of personal data; now incl location data, genetic info, online identification markers, not just personal details
• Consent policies; now you must opt-in
• data breach; now obliged to report breach
• penalties; much more severe. Previously £500k max or 1% annual turnover

Question 8

What are the penalties for non-compliance with GDPR?

Answer 8

EU20m or 4% of annual turnover, whichever is higher

Question 9

What are the 6 principles of GDPR?

Answer 9

1 Lawfulness, fairness and transparency.
2 Purpose limitation.
3 Data minimisation.
4 Accuracy.
5 Storage limitation.
6 Integrity and confidentiality (security)
(Accountability?)

Question 10

How does your company collect and store data?

Answer 10

• Every month we submit tender returns to admin
• Data is taken and modelled in monthly tender reports, TPI forecasts etc

Question 11

How do you use historic data for current day projects?

Answer 11

• I ensure it’s relevant information in terms of scope/size etc
• Use location/date indices to bring it to present day
• if I’m using it for benchmarking I hide names of the project/ensure client is okay with me using the data

Question 12

Why would you use in-house data over BCIS?

Answer 12

As useful as BCIS is, in-house data can be very bespoke if we do the same type of building in the same place regularly (lucky GT is v big firm)

Question 13

What is BCIS?

Answer 13

Building Cost Information Service

Cost and price information is collected by BCIS from across the UK construction industry, then collated, analysed, modelled, interpreted and made available to the industry to facilitate accurate cost planning.

Question 14

What’s SPONs?

Answer 14

Price book for accurate price data for the UK construction industry.

Question 15

How would you protect data/information?

Answer 15

• Information barrier
• Clean desk policy
• Take calls in private
• Password protect files
• Encrypted files
• Sign NDA

Question 16

Who enforces GDPR?

Answer 16

Information Commissioner’s Office (ICO).

Question 17

How does your company comply with GDPR?

Answer 17

• Training to ensure awareness
• Information audit to understand what info we have, where we store it, who shared with
• Check procedures accommodate rights of individuals (right to delete their info etc)
• have procedures in place to detect, report, and investigate a personal data breach