Data Management (Level 1)

Question 1

What is triangulation?

Answer 1

Process used to verify data through an alternative source
- Important when considering reliability of a source and risks

Question 2

How have you ensured data is secured safely?

Answer 2

Regular back ups undertaken off site
Disk encryption
Firewalls and disaster recovery procedures
Using anti-virus protection
Password protection

Question 3

What is copyright?

Answer 3

Exclusive rights to work provided to the author or creator
- Rights can be assigned and transferred
- Essential to acknowledge any copyright in your own work

Question 4

What is crown copyright?

Answer 4

Refers to material created and prepared by the government, such as laws, public records and OS mapping

Question 5

What is Data Management?

Answer 5

The practice of collecting, storing and using data securely, efficiently and cost effectively

Question 6

What is hard and soft data?

Answer 6

Hard - quantifiable
Soft - less measurable - e.g. opinions

Question 7

What is an information barrier?

Answer 7

Physical or electronic barrier which prevents the transmission of information between individuals or firms

Question 8

What is the Data Protection Act (2018)

Answer 8

UK implementation of GDPR

Question 9

What is the purpose of GDPR?

Answer 9

Harmonise data protection across the EU
Alter how personal data is managed and handled to ensure stricter regulation

Question 10

How have consent conditions been strengthened under GDPR?

Answer 10

Consent must be given with the purpose of data processing attached to that consent
- It must be as easy to give consent as it is to reverse it

Question 11

What is the role of the Data Protection Act 2018?

Answer 11

Controls how personal information is used by organisations, businesses and the government
- Also govern data protected by GDPR

Question 12

Is there any RICS guidance on Data Management?

Answer 12

(Archived) RICS Guidance Note - Electronic Data Management

Question 13

Why did the Data Protection Act come into force?

Answer 13

1999 - Respond to the rise of Data
2018 - incorporate new GDPR regulation s

Question 14

What are the key principles of GDPR / DPA?

Answer 14

Data must be
- Lawful, fair and transparent
- Collected for specified, legitimate and explicit purposes
- Adequate, relevant and limited to necessity
- Accurate and kept up to date
- Kept no longer than required
- Kept safe

Question 15

What are the 8 individual rights under GDPR?

Answer 15

1) To be informed
2) To have access
3) To rectification
4) To erasure
5) To restrict processing
6) To data portability
7) To object
8) To automated decision making and profiling

Question 16

Who does GDPR affect?

Answer 16

All companies who hold date EU data

Question 17

Who polices and regulates GDPR in the UK?

Answer 17

Information Commission Office (ICO)

Question 18

What are the penalties under GDPR and DPA?

Answer 18

Greater of 4% annual turnover or 20m euros

Question 19

What should you do in the event of a GDPR breach?

Answer 19

Report to the ICO in 72 hours

Question 20

What is the right to be forgotten?

Answer 20

Article 17
Individuals have the right to have personal files erased if:
- Data no longer required
- Data has been processed unlawfully

Question 21

What is data portability?

Answer 21

Right for a data subject to receive personal info concerning them which they have provided and transmit data to another controller

Question 22

What is privity by design?

Answer 22

Legal GDPR requirement
- Requires data protection from onset of designing a system, rather than in addition

Question 23

What is a data controller?

Answer 23

Decides how and why personal data is processed and is directly responsible for GDPR

Question 24

What is a data processor?

Answer 24

Someone who processes data on behalf of and in accordance with a data controller instruction

Question 25

What is a data subject?

Answer 25

Individual whose data is about

Question 26

What is a data protection officer?

Answer 26

Person responsible for compliance with data protection regulations - monitor and ensure internal compliance

Question 27

What constitutes personal data?

Answer 27

Any information relating to a person that identifies that person e.g. photo, name, email, bank details

Question 28

What are examples of personal data under GDPR that relate to property companies?

Answer 28

Phone numbers Email address Registered address

Question 29

What is the right to access?

Answer 29

Individuals have the right to obtain conformation that their data is being processed - access to their personal data

Question 30

What is a GDPR breach notification?

Answer 30

uty under GDPR - must report breach in writing within 72 hours If breach means an individuals rights or freedom may be impacted - must be reported straight away

Question 31

How are breaches discovered?

Answer 31

Loss of equipment Access logs Theft Serious data security incident

Question 32

What are examples of data held by surveying firms that are covered under GDPR?

Answer 32

Emails Other records Customer info held for marketing Data held to service client - e.g. bank details

Question 33

Key requirements imposed by GDPR 2021 and Data Protection Act 2018?

Answer 33

- data protection risk assessment - rights for individuals - data controller responsible for GDPR - provide information to ICO on compliance - breaches reported to ICO within 72 hours - fines of 4% global turnover or £17.5m - policed by ICO

Question 34

What is RICS guidance for GDPR compliance?

Answer 34

Conduct data reviews Encrypt Keep data anonymous Understand data processes

Question 35

What is APAM's policy for data protection?

Answer 35

Comply with GDPR / DPA - Report any breaches to data officer in 72 hours - or line manager

Question 36

What is a privacy notice?

Answer 36

Document provided to individuals that explains how a company uses and holds data. Identify who data controller and data protection officer is Also should include: - What information is held - What information is used for - Which 3rd parties may you share information with - How long info is held - What legal right a firm has

Question 37

What is the Freedom of Information Act (2002)?

Answer 37

Gives individuals the right to request information held by public bodies Public body must - Confirm whether they hold the info - Provide the info in 20 days of request

Question 38

Can you provide an example of when you handle confidential information?

Answer 38

Data input forms - add, amend and remove data Sending info to solicitors - use secure data room Password and account for management systems Protected excel workbooks

Question 39

How do you protect data when transferring to a client?

Answer 39

Encryption and password protection Recorded special delivery Using secure network and software

Question 40

When do you extract data in your role?

Answer 40

Using leases to fill out new lease forms - Form filled out and sent securely to senior team member to sense check. - Then sent to data team to securely upload to Propman - Data then held securely using password protection

Question 41

What management systems do you use?

Answer 41

Propman Sharepoint

Question 42

What is an ISO 9001?

Answer 42

Set out requirements for how firms should control data and documents relevant to the service they provide

Question 43

What do you know about the retention of files under the Business Limitations Act 1980?

Answer 43

Legal Action must be brought within 6 years of issue arising Business have responsibility to hold records for 6 years after they expire

Question 44

How do I ensure data is kept securely?

Answer 44

Restrict access via password protection Firewalls - prevent hacking Undertake training Don’t share confidential info and anonymise

Question 45

What makes a land register plan compliant?

Answer 45

Correct scale 1:100, 1:200 - noted on plan Have scale measurement bar Include a 1:1250 scale map of location Full address North point Demise in red outline

Question 46

What are deeds & Registered Titles?

Answer 46

Deed - physical document declaring persons legal ownership Registered title - ownership recorded with land registry electronically

Question 47

What documents can be signed electronically?

Answer 47

Deeds - if witnessed Contracts

Question 48

How do I comply with APAM's data protection policy?

Answer 48

Understand sensitive and protected data Don’t share confidential data Anonymise data Report breaches

Question 49

Why is it important to hold accurate information?

Answer 49

Effectively manage property Ensure rent demands etc sent out timely and that information provided to clients is accurate Comply with GDPR/DPA

Question 50

What reports do you run?

Answer 50

Tenancy schedules Arrears reports Service Charge expenditure reports Debtor payment histories

Question 51

How do you ensure data held is accurate?

Answer 51

Data verification Check against original documents Error check data uploads with senior colleagues and data team

Question 52

How are the management systems you use kept secure?

Answer 52

Encryption Firewalls Password protection

Question 53

What are your KPIs for uploading data?

Answer 53

7 days from receipt Data input tracker used to track when info received, uploaded by data team and relevant accounts work complete Client kept informed throughout

Question 54

How long can you hold data?

Answer 54

No limit - no longer than necessary - As agreed with data subject - Depends on several factors - Is it a current project - No you need them to justify fees - Required for litigation?

Question 55

If a lease was assigned, how long should you hold the assignors info on your system?

Answer 55

Depends on the terms - If an AGA in place - hold details until the end of the lease - Same for privity of contract - Could be argued that info can be held until arrears cleared

Question 56

How can you upload /share data and how do you know its allowed?

Answer 56

- Firms privacy policy - dictates what info is held, how processed and how shared with 3rd parties - Time it may be allowed - property sale - Privacy notice issued to all tenants

Question 57

What is the land registry? and what are the limitations?

Answer 57

government agency responsible for holding property data - unregistered land - title plans can be inaccurate - outdated

Question 58

What are the limitations of Co Star?

Answer 58

Not always up to date Information is not guarenteed

Question 59

Why do you undertake a data verification?

Answer 59

New portfolio - lots of data - to ensure it was accurate Ensure data being held is necessary Comply with GDPR

Question 60

How was the new data kept secure?

Answer 60

Held on solicitor data room - Encryption and firewall - Password protected - I was given username and password Loaded in compliance with Workman processes to ensure safety

Question 61

What info was held on the data site?

Answer 61

Leases Title Sc budgets and recs H&S docs

Question 62

How is info kept secure in our office?

Answer 62

Follow privacy policy - understand what info is held and why - understand who info can be shared with - ensure protection - password / encryption - IT implementations - Firewalls

Question 63

What data can you collect from tenants and why under GDPR?

Answer 63

contractual, legal and legitimate reason to do so inputted onto server by creating cange note with tenant data

Question 64

What is the Freedom of Information Act 2000

Answer 64

right to access information from public bodies supplied within 20 days public body can charge for data

Question 65

individual rights under UK GPDPR

Answer 65

- right to be informed - right to rectify - right to erase - right to restrict processing - right to use data for own purposes - right to object

Question 66

exemptions for GDPR?

Answer 66

if it would prejudice a criminal matter under investigation

Question 67

what information do you hold that is sensitive and confidential?

Answer 67

- tenant details - client details - fees - excel models - contracts