Data Management (Good Questions)

Question 1

What are some examples of Data security technologies?

Answer 1

1. Disk Encryption
2. Regular backups off site
3. Password protection
4. Anti-virus software
5. Firewalls
6. disaster recovery procedures

Question 2

What is your understanding of copy right?

Answer 2

1. Set of exclusive rights granted to the author or creator of original work.
2. Rights can be assigned, licensed or transferred
3. Form of intellectual property

Question 3

What should you do if you include any copyrighted information in your work?

Answer 3

Acknowledge author / copyright

Question 4

What is Crown Copyright?

Answer 4

1. Refers to all material created and prepared by the government.
2. Includes laws, public records, official press releases and OS Mapping

Question 5

What does GDPR stand for?

Answer 5

1. General Data Protection Regulation

Question 6

What is your understanding of the Data Protection Act 2018?

Answer 6

1. Aims to create a single data protection regime affecting business
2. Aims to empower individuals to take control of how their data is used by third parties.
3. Gives people rights to be informed about how their personal information is used.

Key requirements include:

1. Obligation to conduct data protection impact assessments for high risk holding of data.
2. Rights for individuals to access information on what data is held and to have it deleted.
3. Data controller decides how and why personal data is processed. Directly responsible for GDPR.
4. New principle of ‘‘data accountability’’ - organisations must be able to prove to the Information Commissioner’s Office (ICO) how they comply with the new regulations.
5. Data Security Breaches need to be reported to the ICO within 72 hours if there is a loss of personal data and a risk of harm to individuals.

Key Principles include:

Article 5(1) - Principles relating to the storage of personal data.

States that data must be:
1. Processed lawfully, fairly and transparently.
2. Collected for specific, legitimate, explicit purposes.
3. Adequate, relevant and limited to what is necessary for their purposes.
4. Accurate, kept up to date. If inaccurate, to be erased or rectified without delays.
5. Kept in a form allowing identification for no longer than necessary.
6. Ensure appropriate security against loss / destruction / unauthorised access.

Article5(2) requires the controller to be responsible, and be able to demonstrate, compliance with the principles.

Question 7

What are the 8 individual rights under UK GDPR

Answer 7

RIGHT:
1. To be INFORMED
2. of ACCESS
3. to RECTIFICATION
4. to ERASURE
5. to RESTRICT PROCESSING
6. to DATA PORTABILITY
7. to OBJECT
8. to AUTOMATED DECISION MAKING AND PROFILING

(I ADORERR)

Question 8

Who polices data regulation? What fines can be applied?

Answer 8

1. Policed by the Information Commissioners Office (ICO)
2. Fines up to greater of 4% of global turnover or £17.5 million.

Question 9

What is your understanding of the Freedom of Information Act 2000?

Answer 9

FOI Act 2000 gives individuals the right of access to information held by public bodies

1. Public body must inform individual requesting FOI whether it holds it.
2. Normally required to supply information within 20 working days and in format requested.
3. Can charge for provision of information.

Exemptions to FOI are allowed for a variety of reasons:
1. Contrary to GDPR requirements.
2. Would prejudice criminal matters.
3. Against organisations commercial interest.

Question 10

What is your understanding of Non-disclosure agreements (NDA’s)?

Answer 10

1. Legally enforceable contract between two parties relating to sensitive information.
2. Agreement creates a confidential relationship between the two parties.
3. Party damaged by breach of NDA can take legal action to enforce agreement & seek damages.

Question 11

Does the RICS have any guidance on Data Protection?

Answer 11

Not yet.

Proposed Professional Standard on Data Handling and Prevention of Cybercrime.

1. Would cover best practice and mandatory obligations.
2. Would address data capture / storage / sharing.
3. Would mandate policies, practices and training for firms & members.

Question 12

Can you name the recently introduced regulations set out to control how companies manage data they hold? Can you name the legislation this is supported by?

Answer 12

1. UK General Data Protection Regulations
2. Data Protection Act 2018

Question 13

Can you name any of the 8 principles covered in the Data Protection act 2018?

Answer 13

1. Fair and lawful processing
2. Specified and lawful purposes
3. Adequate, relevant and not excessive
4. Accurate and up to date
5. Not kept for longer than necessary
6. Processed in line with your rights
7. Held securely
8. Not transferred to countries without adequate protection

Question 14

Can you name any of the sources of data currently in use by the construction industry? What factor would you apply for a project from North East England to one in London?

Answer 14

1. BCIS
2. Location factor

Question 15

How does your in-house system comply with GDPR?

Answer 15

1. Information only collected for specific, legitimate purposes.
2. Information is only relevant to purposes required.
3. Information is kept up to date
4. Information is held securely

Question 16

How does GDPR affect your working activities?

Answer 16

1. Password protection
2. Update passwords regularly
3. Encrypted on internal hard drive (v-drive)
4. Backed up regularly

Question 17

What is meant by to be forgotten?

Answer 17

1. Erasure of personal information

Question 18

If home or hybrid working, how would you deal with cyber security?

Answer 18

1. Firewalls (Z-scaler)
2. Change passwords frequently
3. Encrypt on an internal hard drive
4. Back up regularly
5. Strong passwords.

Question 19

What challenges is brexit bringing to data management?

Answer 19

1. Shift from EU GDPR to UK GDPR in 2016