Data Management (L1) Flashcards
(46 cards)
1
Q
Who are the parties involved in GDPR?
A
- Data Subject
- Individuals date whose personal data is being processed - Data Controller
- Person or entity that determines the purpose and means of processing the data - Data Processor
- Person or entity that processes the personal data on behalf of the data controller - Data Protection Officer (DPO)
- Person or team appointed to oversee and ensure compliance with GDPR
- Mandatory for public authorities - Supervising Authorities
- Public authorities overseeing GDPR enforcement - Third Parties
- May access or process data as part of services provided - Joint Controllers
- 2 or more controllers sharing control over processing
2
Q
What are the potential penalties for breaching GDPR? What are the violations?
A
Tier 1 Penalties
- Up to €10,000 or 2% of global annual turnover
Tier 2 Penalties
- Up to €20,000 or 4% of global annual turnover
Violations include:
- Failure to maintain proper records of data processing
- Not conducting a data protection impact assessment
- Failure to report data breach to the supervisory authority within 72 hours of data breach
- Failure to obtain valid consent from data subject
- Violation of data subject’s rights, access, restriction, erasure or data portability
- Failing to appoint a data protection officer
3
Q
What are some of the rights of individuals?
A
- Right to access
- Right to erase
- Right to object
- Right to restrict processing
4
Q
Workspace - Why is this important?
A
- Provides secure network for handling data
- Internal auditors using the software to ensure compliance
- Organised data and reports
- Only internal access allowed
5
Q
What is the General Data Protection Regulation?
A
- Focuses on the importance of data controlling and processing
- Identifies the right is individuals whose data is being processed
- The duties and responsibilities of each of the parties
- Outlines penalties for breach of any of the data protection regulations put in place
Parties Include:
- Data Subject
- Data Controller
- Data Processor
- Data Protection Officer
- Supervising Authority
- Third Party
- Joint Controllers
6
Q
Why do you do Quality Assurance Audits?
A
- Ensure internal teams are processing information as per the company procedures
- To maintain a thorough and diligent service to all clients
- To identify non-compliance and track progress of corrective actions from previous audits
- To report to senior members of the compliance team
7
Q
What are the data management policies in your organisation?
A
- Minimise data being stored where possible
- Use secure network called workspace to store data and issue data
- Report any suspected breaches of data processing in the first instance to the compliance team
- To receive consent for using or sharing data from clients
8
Q
Can you tell me 3 principles of UK GDPR and the Data Protection Act 2018?
A
- The Data Protection Act is the UK’s implementation of the GDPR, both came into effect in 2018
- Work together to regulate the processing of personal data in the UK
- Lawfulness, Fairness, and Transparency
- Must have a legal basis and obtained consent
- Should not result in detriment for the individual
- Organisations must provide clear, and accessible information - Data Minimisation
- Adequate, relevant and limited to what is necessary - Accountability and Governance
- Data controllers take responsibility for the personal data they process
- Regular assessment and documentation
9
Q
How do you comply with UK GDPR and Data Protection Act 2018 in your role?
A
- Use secured network called workspace for storing and sharing data
- Retrieve consent from clients prior to processing data
- Undertake QA audits to ensure internal data processing policies are being adhered to
- Provide clear and accessible information where required
- Minimise data being stored by only requesting what’s required
10
Q
Can you give me an example of how you process and handle confidential information?
A
- Obtain consent from the data subject prior to processing
- Use secured network for storing and issuing data as per company policies
- Retention of data limited to what’s required and then delete, I.e Toronto Close surveys
11
Q
Give me an example of how you ensure data is kept securely?
A
- Use secured business network called workspace for storing and issuing data
- Undertake regular training ensuring I am up to date with company policies
- Multi-factor authentication to access secured platforms
12
Q
What do the Privacy and Electronic Communications Regulations 2003 apply to?
A
- Alongside GDPR and Data Protection Act 2018
- Protect individuals privacy and ensure their data is handled responsibly in the context of electronic communication
- Marketing
- Requires consent for marketing - Cookies
- Requires consent for placing cookies - Confidentiality
- Illegal to intercept or monitor electronic communications - Security of Networks and Services
- Traffic and Location Data
- Requires consent
13
Q
What is copyright?
A
- Legal concept which grants the creator of an original piece of work exclusive rights to its use and distribution
- Copyright expresses protection of ideas
- Creative works
14
Q
What is intellectual property?
A
- Creations of the mind such as inventions, designs, brand names, artistic works, and trade secrets
- Protected by law for unauthorised use
- Giving creators exclusive rights to their creations, allowing them to control and profit from their ideas
15
Q
Can intellectual property be transferred?
A
- Yes, can be transferred by transferring rights to another party
- licensing or assignment
16
Q
What is the Freedom of Information Act 2000?
A
- Gives public the right to access information held by public authorities
- Promotes transparency and accountability in government
- Government departments such as educational institutes, local authorities, NHS bodies etc
17
Q
Can you tell me about the retention of files and the Limitation Act 1980?
A
- Legislation that sets limits on how long a person has to bring a legal claim to court
- Crucial in determining the retention of files and documents
Key points in the Act;
- General limitation period of 6 years
- Special rules for certain claims
- Time limit for claims including minors
- Postponement of limitation period; I.e fraud
- Extending the limitation period
18
Q
Give me an example of a property information tool?
A
- Gov.uk, land registry search tool
- Planning portal
- Rightmove, Zoopla, Purple Bricks
19
Q
Tell me about how you extract data from a source regularly in your role?
A
- Planning portal; extract existing and past planning applications for properties
20
Q
What are the limitations of primary / secondary data sources?
A
Primary
- Refers to data collected directly from original sources; surveys, interviews, experiments etc
- Cost and time intensive
- Potential bias
- Access and feasibility
Secondary
- Refers to data that was collected from other sources and revised for new analysis
- Relevance
- Data quality and reliability
- Data accessibility and availability
- Potential bias in input findings
21
Q
How do you validate information?
A
- Review the source and initial details
- Cross reference with new information
- Communicate with stakeholders
- Contact original source
- Evaluate consistency with known factors
22
Q
What is the difference between a deed and a registered title?
A
Deed
- Formal, legal document used to convey or transfer an interest in property
- Transfer of owenership
Registered Title
- Official record of ownership maintained by a government body
- System through which land ownership is publicly document d and verified
23
Q
How do you source title information?
A
- Online search via land registry
- Obtain physical copies through Land Registry
- Using third party providers and solicitors
24
Q
What are the differences between manual and electronic records?
A
Storage and accessibility format, physical and electronic
- Physical storage requires space, electronic storage requires hard drive
- Electronic records are more adaptable, cost-effective, and compliant with modern regulations
25
What is an index map?
- Visual reference of land parcels or properties
- Map that shows a grid or framework, which can be further referenced to locate specific details about land files, boundaries or ownership
- Land Registry Index Maps
- Planning Index Maps
26
What does encryption mean?
- Process of converting information or data into a code
- Converting into unreadable format, which can only be reverted to its original state using an decryption key
27
What is a firewall?
- Network security system designed to monitor and control incoming and outgoing network traffic based on predefined security rules
- Used to protect computer networks and devices from cyber attacks
28
How can you protect electronic data from viruses?
- Adequate training and supervision
- Utilising a firewall in place to secure the network system against cyber attacks and unwanted access
- Have encryption in place for stored data
- Keep software updated
- Anti virus software
- Use strong unique passwords
29
What does block chain mean? And why is it useful?
- Decentralised, distributed database where information is stored in blocks that are linked together in a chain
Advantages of block chain;
- Security
- Decentralised
- Transparency
- Reduced costs
- Faster transactions
- Immutability
30
What records are kept manually in your office and why?
- Scaled drawings for designers and engineers drawings
- Legal documents and contracts
- Internal communications, I.e minutes
31
What is BIM and how can it be used?
- Building Information Modelling
- Can be used to store property, design, construction and operations and maintenance data (asset management)
- Useful to increase collaboration during design and maintenance of buildings
- Single point of information storage for all stakeholders
32
Explain the growing use of AVMs in the industry?
- Automatic valuation models
- Ability to quickly and accurately estimate property values based on a range of data inputs
- Advancements to technology
- Increased demand for speed and accuracy
- Growing need for data-driven decision-making
- Up to date real time market analysis
33
What AVMs are you aware of?
- Automatic valuation models
- Rightmove, Zoopla, Purple Bricks AVMs
- Land Registry AVM
34
What is ISO9001?
- International standard for Quality Management Systems
- Helps organisations enhance customer satisfaction and product quality by focusing on effective management processes
- ISO9001:2015 is the most current version
1. Quality Management System
- Sets out criteria
2. Customer Focus
- Customer oriented approach
3. Leadership
- Importance of top managements commitment
4. Engagement of People
- Importance of involving employees
5. improvement
- Continuous improvement is core principle
6. Evidence-based Decision Making
- Well-informed
7. Relationship Management
- Establish mutually beneficial relationships
35
What is ISO9001?
- International standard for Quality Management Systems
- Helps organisations enhance customer satisfaction and product quality by focusing on effective management processes
- ISO9001:2015 is the most current version
1. Quality Management System
- Sets out criteria
2. Customer Focus
- Customer oriented approach
3. Leadership
- Importance of top managements commitment
4. Engagement of People
- Importance of involving employees
5. improvement
- Continuous improvement is core principle
6. Evidence-based Decision Making
- Well-informed
7. Relationship Management
- Establish mutually beneficial relationships
36
What are the requirements of ISO9001?
- Develop and maintain Quality Management Systems
- Maintain documented evidence
- Undergo an external audit
- Ensure continuing improvement
37
What does ISO27001 relate to?
- International standard for helping organisations manage and projects their information assets
- Provides framework to protect sensitive information from threats such as cyber attacks, data breaches etc
- Deals with Information Security Management System
- Builds trust with customers and stakeholders
Main requirements:
1. Establishing the Information Security Management System
2. Risk Assessment and Treatment
3. Security Controls
4. Documentation
5. Monitoring and Review
6. Continuous Improvement
38
Why is quality management important?
- Builds trust and confidence
- Increases reputation and protects reputation
- Repeat business and satisfaction
- Boosts efficiency and reduces waste
- Drives continuous improvement
- Improvement of services
39
What is Electronic Document Management System?
- Software developed by organisations to store, track, and manage data and information
- Ridge has Workspace
40
What do you understand by the Civil Evidence Act 1995?
- Governs rules of evidence in civil court proceedings
- Modernises and simplifies the process of presenting evidence in civil court cases
- How evidence is admitted, presented, and weighed by the courts
1. Admissibility of Documents
2. Witness statements, with written statements
3. Heresay evidence
4. Expert evidence
5. Electronic evidence
6. Cost and efficiency
41
Are electronic signatures accepted by the Land Registry?
- Yes, provided they meet the relevant security and identity verification requirements
42
What types of documents can electronic signatures be used for?
1. Commercial and business contracts
2. Real estate and property transactions
3. Financial documents
4. Employment documents
5. Healthcare and medical documents
43
What is data redundancy?
- Duplication or repetition of data within a database, system or storage environment
- Multiple database copies
- Data replication
- Backup copies
- Beneficial for improving data availability, backup, and disaster recovery
- Can lead to inefficiencies, increased storage costs, and potential data inconsistency if not carefully managed
44
What is VLOOKUP used for?
- Vertical Lookup
- Tool used for data lookup and reference tasks, making it easier to locate information from a large database
45
What is a Pivot table?
- Data analysis tool in MS Excel
- Allows you to summarise, analyse, and organise large datasets to extract meaningful insights
- Allows you to group, sort and filter information without the need to write complex formulas
46
What are examples of Tier 1 and Tier 2 breaches of GDPR?
Tier 1
- Failure to maintain adequate date processing records
- Not appointing a data protection officer
- Not promptly notifying a data break
Tier 2
- Processing data without a legal basis
- Violation of data subject rights, access rectification, erasure
- Cross-border Data transfers
