Data Management Flashcards

(37 cards)

1
Q

What is data management?

A

Data management is the practice of collecting, organising, protecting, and storing an organisation's data so that it can be analysed for decision-making purposes.

2
Q

What does GDPR mean?

A

General Data Protection Regulations

3
Q

What are the General Data Protection Regulations?

A

A law that was created in the EU to protect the personal data of citizens, by telling companies what they can and can’t do with personal data, and to use it correctly and lawfully.

4
Q

When did GDPR come into force?

A

25th May 2018

5
Q

What changes did GDPR bring?

A

Definition of data
Breaches have to be reported in 72 hours
Larger fines introduced - €20 million or 4% annual global turnover
Data protection officer for companies with 250+ employees or 5000+ subject profiles annually.

6
Q

What is personal data?

A

Data which can identify someone: names, phone number, email address or ID number.

7
Q

What is special category data?

A

Type of personal data seen as particularly sensitive.
Includes: race, religion, genetic data, disability, marital status and biometric data.
Special categories are outlined under Article 9 of GDPR stating you must have a lawful basis to collect special category data.

8
Q

How to report a data breach?

A

Report to the Information Commissioner's Office within 72 hours.
The Information Commissioner's Office is a third-party organisation that upholds rights for the public and will investigate potential complaints for breaches of GDPR or DPA.

9
Q

What is a data controller?

A

The party that determines the purposes of processing data and how and why this is done (often the company).

10
Q

What is a data processor?

A

Someone who processes data on behalf of the data controller.

11
Q

What is a data subject?

A

A data subject is the party that the data can identify.

12
Q

How would you get rid of data?

A

Paper copy - place in appropriate bin (confidential was blue bin).
Online: redacted - delete from all areas.

13
Q

What is data purpose under GDPR?

A

Organisations must clearly inform individuals of purposes for which data is processed.
Data held must have a specified purpose and must not be processed for incompatible purposes.

14
Q

What are the restrictions around consent under GDPR?

A

It must be freely given without coercion
Specific consent for specific data
Consent must be given after being informed of use of collected data and processing.

15
Q

What is Data Protection Act 2018?

A

The UK equivalent/interpretation of GDPR - everyone follows data protection principles while using personal data.
Add on to the Data Protection Act 1968 introducing: larger fines, requirement to report in 72 hours, definition of data change for new technology, required 250+ person company to have a data protection officer.

16
Q

What are the 7 principles of GDPR?

A

Lawfulness, Accuracy, Purpose limitation, Data minimisation, Accountability, Storage limitation, Security.

17
Q

What is the punishment for breach of GDPR?

A

Fine up to €20 million or 4% annual global turnover.

18
Q

What is information governance?

A

Framework governing how information is handled ensuring it is done correctly and lawfully.
Organisations must have processes in place for reporting and recording data security breaches and provide training to staff.

19
Q

What is the Freedom of Information Act 2000?

A

Provide public access to information held by public authorities.
It covers all information held: emails, notes, recordings of phone calls, CCTV.
Requests can be refused if they have the potential to cause unjustified disruption.

20
Q

How to request information? (FOI)

A

Request must be made in writing including name, contact address and what information you are after.
Organisations have 20 working days to respond and must establish identity before giving out personal data.

21
Q

What is Section 10 of FOI?

A

Specifies that as a public authority you have 20 working days to respond to a request.

22
Q

What is Section 14 of FOI?

A

Protects public authorities by allowing the refusal of requests if they have potential to cause an unjust level of disruption, irritation or distress.

23
Q

What is a subject access request?

A

This allows you to request the personal information a company holds about you.
Must submit a written request with clear proof of identity and what information you are requesting.

24
Q

How does your organisation keep data secure?

A

Firewalls, virus protection
Spyware detection
Systems we use have certain location for different types of information
Training for staff

25
Q

Why is PCC stock data good for data management?

A

Database is fundamental for data management, storing large amounts of information which can allow for quick input and extraction.
Database allows for redaction of personal data, as GDPR says it must be removed once no longer necessary.
Ensures statutory compliance is met, e.g. gas check, EICRs, FRAs, and allows my organisation to process data legally and correctly.

26
Q

What data is not on database?

A

Personal data unless necessary to complete tasks, e.g. name/contact number; incorrect data.

27
Q

Why is it important that stock data is accurate?

A

Ensure statutory compliance is not missed
Allow for resources to be directed where required most
Allows the property to be let to the most suitable resident

28
Q

How is project database used?

A

Database which records past, present and future projects.
Allows you to easily input and record important information about the project, which is then easily accessed for all surrounding dates, costs and relevant assets.
Reduces the risk of disputes and errors.

29
Q

What data can you extract from database?

A

Block and property information that can be used for surveys, including age, construction type and condition
Repair appointments, including costs and details of residents - some may be redacted
Projects database - look at date/time/estimates.

30
Q

How do you deal with data in your role?

A

Ensure information is uploaded to the correct area so it can be accessed by all and removed with ease.
Types of data I have dealt with and deal with include the personal data of residents, in order to contact them and make appointments, and inputting data in regard to statutory compliance, for example EPC information.

31
Q

How do you analyse data and why?

A

Asbestos inspections:
I would extract and determine the data I needed to collect (such as the component I was inspecting and its previous condition)
Collect the data (recording current condition)
Evaluate the data after the inspection (looking at the condition and whether any actions need to be raised)
Record this data and upload it to the database for future analysis the following year

32
Q

How do you securely store data?

A

Use specific fields to ensure the data is stored in the correct locations, such as FRAs and EPCs.
Ensure personal data of residents is stored in the correct areas, meaning it can be redacted
Large amounts of data are secured on cloud-based storage which is protected behind a firewall and spyware/virus protection, and all of my organisation's devices use a VPN.

33
Q

How do you comply with GDPR?

A

Ensure that physical copies of data are appropriately discarded
Ensure personal data when no longer required is redacted
Ensure data is stored in correct locations
Lock computer while not at desk

34
Q

How does PCC manage energy performance of its stock?

A

EPCs are undertaken on our housing stock, which involves inputting data into the stock database - including age of installations, construction type, EPC rating.
Extracts can be pulled to understand low ratings and create demand for projects to improve scores within an area.

35
Q

What is a privacy policy?

A

A legal document outlining how an organisation collects, processes, stores and shares personal data.
Informs subjects about their rights in accordance with GDPR/DPA.

36
Q

When must a privacy policy be provided?

A

When you collect and/or process personal data about an individual.

37
Q

What should a privacy policy include?

A

RICS guides that it should include:
What information you have
What the information will be used for
Which third parties you might share the information with (and why)
How long you will keep the information for
What legal rights the data subject has.