Data Management Flashcards
(34 cards)
What is the Data Protection Act?
The Data Protection Act 2018 controls how your personal information is used by organisations, businesses or the government.
The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).
- The 8 principles of Data Protection – FLAP SAID
o Fairness and Transparency;
o Lawfulness;
o Accuracy;
o Purpose Limitation;
o Storage Limitations;
o Accountability;
o Integrity and Confidentiality;
o Data Minimisation.
Everyone responsible for using personal data has to follow strict rules called ‘data protection principles’.
There is stronger legal protection for more sensitive information.
What is personal Data?
If it is possible to identify an individual directly from the information you are processing, then that information may be personal data.
For example: name, contact details and health records.
What is GDPR?
The General Data Protection Regulation (EU Legislation)
What are the principles of GDPR?
Can be found at gov.uk
There are 7 principles:
1. Lawfulness, fairness and transparency
2. Purpose limitation
3. Data minimisation
4. Accuracy
5. Storage limitation
6. Integrity and confidentiality (security)
7. Accountability
Acronym: FLAP SAID
o Fairness and Transparency;
o Lawfulness;
o Accuracy;
o Purpose Limitation;
o Storage Limitations;
o Accountability;
o Integrity and Confidentiality;
o Data Minimisation.
What Statute in the UK applies to this competency?
Data Protection Act 2018
- Imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU
- The GDPR will levy harsh fines against those who violate its privacy and security standards, with penalties reaching into the tens of millions of euros
What data is protected by Statute?
Personal Data
Is all Data equal under the Statute?
No, some personal data which is defined as sensitive requires additional protection e.g. Health
Legal Consequence of Non-Compliance to GDPR.
likely infringement – a warning may be issued;
infringement: the possibilities include a reprimand, a temporary or definitive ban on processing and
Smaller offenses = fines of up to €10 million or 2% of a firm’s global turnover (the greater)
Serious offenses = fines of up to €20 million or 4% of a firm’s global turnover (the greater)
CRD - LL
– Criminal proceedings
– Reputational damage to MM
– Data subjects – right to compensation
– Losing right to bid for new projects
– Losing existing contracts where in breach of data protection clauses
What is the purpose of the GDPR?
To protect and empower personal data privacy and to reshape the way organisations process data. It was designed to harmonise data privacy laws across Europe in accordance with new data protection governance.
What is BIM?
Building Information Modelling
Where is the data in BIM?
BIM is a 3D model in which each 3D object contains “metadata”, so the model acts as a “database”.
What are the advantages and disadvantages of BIM?
Better planning and design
Easy design changes – model is shared, set times for change could be implemented.
Minimal rework on site – model facilitates visibility of potential problem areas.
Lifetime information to the end user.
Requires substantial investment in the software.
Training and additional staff required (time saving usually makes this investment worthwhile)
Trust and collaboration required. Normal routing of tendering etc is different, all parties must share knowledge and invest sometimes before they are awarded the project.
End user simply may not use the information.
What is a CDE?
A common data environment (CDE) is a digital information platform that centralizes project data storage and access, typically related to a construction project and building information modeling (BIM) workflows. The data stored in a CDE originally consisted of BIM data and information. Today, a CDE also includes documents like project contracts, estimates, reports, material specifications, and other information relevant to a project’s design and construction processes.
In short: a digital platform that centralizes project data storage and access.
Where does MM store project data?
SharePoint, ProjectWise (CDE), Connect Business, Connect People, DISX.
What is the name of the RICS’s Cost Data Subscription Service?
BCIS
What is the difference between a project Extranet and Intranet?
One is hosted within the company and the other hosted externally
What Business Management Systems are there in MM?
In simple terms, STEP, Connect Business and Eforms
What is Data Classification?
The Protective Marking of Documents to highlight security and access restrictions
What is an NDA?
A Non-Disclosure Agreement – Data should not be disclosed to third parties
What data can be used to support the estimating process?
BCIS, In-house cost data and Price Books
What are the benefits of cloud-based storage systems?
Information is backed up securely on encrypted servers
Accessibility can be managed via online settings
Cloud systems are often cheaper than the costs of physically storing and managing files
It is convenient to send and share files online instead of mailing physical copies
Cloud systems are environmentally friendly
Multiple users can access the same documents
Documents and folder systems can be synchronised
What is the meaning of a non-disclosure agreement?
Non-disclosure agreements are used to protect against the disclosure or sharing of any confidential data.
Prior to the confidential data being shared with a recipient, clients will typically request that the recipient signs up to an NDA.
They are often used when confidential, sensitive, innovative or intellectual property information is being shared to prevent this information being used by competitors.
If two separate departments within your firm were working for two rival companies, how would you ensure client-sensitive data was managed?
- Make client aware of risks
- Conflict of interest
- Letter of instruction to continue
- Exclusivity of staff
- NDAs
- Single Communication Lines in to client
- Separate working locations
- Secure storage
Who are the key persons outlined within GDPR?
Controller
The controller is the natural person or legal entity that determines the purposes and means of the processing of personal data (e.g., when processing an employee’s personal data, the employer is considered to be the controller).
Processor
A natural person or legal entity that processes personal data on behalf of the controller (e.g., a call centre acting on behalf of its client) is considered to be a processor. At times, a processor is also called a third party.
Data Protection Officer (DPO)
The Data Protection Officer is a leadership role required by EU GDPR. This role exists within companies that process the personal data of EU citizens. A DPO is responsible for overseeing the data protection approach, strategy, and its implementation.