Data Management - Level 3

Question 1

What is GDPR?

Answer 1

General Data Protection Regulations (2016) effective May 2018

It aims to create a singe data protection regime for the EU.

Question 2

How is data protection legislated in the UK?

Answer 2

UK GDPR 2020

Data Protection Act 2018 implemented GDPR (2016)

Replaced DPA Act 1998

Question 3

What are the 8 individual rights under GDPR?

Answer 3

Informed
Access
Rectification
Erasure
Restrict Processing
Data Portability (their own use)
Object
Automated Decision Making and Profiling (Insurance companies)

Question 4

Who are the key persons outlined within GDPR?

Answer 4

Controller - Determine the purposes and means of the processing of personal data. (Employer)

Processor - Processes personal data on behalf of the controller. (Call centre)

Data Protection Officer - Oversees the data protection approach, strategy and its implementation. Leadership role required by GDPR (2016).

Question 5

What are some changes brought about by GDPR?

Answer 5

Data Controller responsible for GDPR

Individuals can request what personal data is held and request it is deleted

Question 6

Who is GDPR policed by?

Answer 6

Information Commissioners Office (ICO)

Question 7

What do you know about forthcoming data legislation?

Answer 7

On 8 March 2023, the Government published the Data Protection and Digital Information Bill (2nd).

The New Bill looks to reform the current UK data protection framework comprising of UK GDPR, the DPA 2018 and the Privacy and Electronic Communications Regulations 2003.

Intended to make data protection legislation simpler for businesses to understand and implement.

Question 8

What is the Freedom of Information Act 2000?

Answer 8

Primary piece of UK legislation controlling the access to official information

Allows an individual to request access to information held by a public body.

Question 9

What are the timescales for requesting information under the Freedom of Information Act 2000?

Answer 9

20 working days in the requested format
A fee may be charged

Question 10

What is personal data?

Answer 10

Under GDPR, Personal data is any information which is related to an identified or identifiable natural person.

Question 11

What is a non-disclosure agreement?

Answer 11

NDAs are used to protect against the disclosure or sharing of any confidential data.

Question 12

What is a subject access request?

Answer 12

SAR - demand that the individual be given all information that a company holds on them.

Question 13

What is copyright?

Answer 13

A set of exclusive rights granted to the author or creator of any original work, including the right to copy which can be licensed, assigned or transferred.

Question 14

What is meant by confidentiality?

Answer 14

Where information is provided, but is subject to confidence and not shared without permission.

Question 15

What is Meta Data and why is this important?

Answer 15

Meta Data is information about a specific piece of data, e.g., file size, author, date a document was created
It is important as we must ensure that Meta Data is afforded the same level of care as all other confidential data.

Question 15

What are the benefits of cloud based storage systems?

Answer 15

Information is backed up securely on encrypted servers.
Accessibility can be managed via online settings.
Often cheaper than costs of physically storing and managing files.
Convenient to send/share files online
More environmentally friendly
Multiple users can access the same documents
Documents and folder systems can be syncronized

Question 16

What different sources of information do you use in your day to day work?

Answer 16

Historic England
Land registry
Landlords
EGI
Rightmove
Inspections
Tenants
EPC
Council tax/business rates

Question 17

What data is held in your office?

Answer 17

Employee Data - Individual information
Client Data - Leases, plans, deeds
Company Data - Accounts, TOE, Instructions

Question 18

What do you need to do if you have a data breach?

Answer 18

Notify the Information Commissioners Officer (ICO) within 72 hours of the breach occurring

Question 19

What are the fines for non-compliance with GDPR?

Answer 19

Up to 4% of global turnover or 20 million euros (whichever is greater)

Question 20

What is some best practice to employ in managing data?

Answer 20

Changing passwords
Don’t connect to open wifi
Locking laptop when away form desk
Firewalls
No leaving devices open in a car etc

Question 21

What are the main aims of the Equality Act 2010?

Answer 21

The Equality Duty has three aims. It requires public bodies to have due regard to the need to:

1 - eliminate unlawful discrimination, harassment, victimisation and any other conduct prohibited by the Act;

2 - advance equality of opportunity between people who share a protected characteristic and people who do not share it;

3 - foster good relations between people who share a protected characteristic and people who do not share it.

Question 22

What act implemented the GDPR in the UK?

Answer 22

Data Protection Act (2018) which replaced the Data Protection Act 1988

Question 23

What are the individual rights under GDPR?

Answer 23

There are 8:
Information
Access
Rectification
Erasure
Restrict Processing
Data Portability
Object
Automated decision making

Question 24

What are the principles of GDPR?

Answer 24

There are 7: Lawfulness, fairness and transparency Purpose of limitation - be specific about the purpose of the data collection Data minimisation - only collect it when you need it Accuracy Storage limitations - store data for a necessary limited period and then erase Integrity and confidentiality - keep it secure Accountability - record and prove compliance

Question 25

What is your understanding of the term confidentiality?

Answer 25

Where information is provided but is subject to confidence and not shared without permission

Question 26

What is your understanding of Intellectual Property and Copyright?

Answer 26

This is the right to control the use and ownership of original works. Work generally created by an employee usually belongs to their employer unless copyrights are put in place.

Question 27

What is the Freedom of Information Act 2005?

Answer 27

Primary piece of UK legislation that controls the access to official information. The act permits the public right of access to information held by public authorities. Information must be published through the public authorities publication scheme. The act covers all information held and not just information since the act came into effect

Question 28

What is data?

Answer 28

Information - especially facts or numbers, collected to be examined and considering and used to help decision making

Question 29

What data do you use to make decisions?

Answer 29

Local rental data Valuation data Location data Measurement data

Question 30

What is the purpose of the information Act?

Answer 30

The fair and and proper use of peoples personal data

Question 31

How do you keep data secure?

Answer 31

Encryption Firewalls Don't connect to open wifi Passwords changed every 30 days Not leaving devices in open car/ on desk etc

Question 32

What is the freedom of information act?

Answer 32

A piece of legislation that grants public access to documents or other data in the possession of a government agency or public authority

Question 33

What are the public bodies?

Answer 33

Local authority Council HMRC NHS Police Schools

Question 34

Basic principles of FOI legislation

Answer 34

Maximum disclosure Publish Key Information Promote open government Exceptions narrowly down Processes rapidly and fairly Minimum costs

Question 35

What does it mean by maximum disclosure?

Answer 35

Shouldn't be holding back things that should be shared with you unless their is good reason

Question 36

What does it mean by publish key information?

Answer 36

Public bodies should be under an obligation to publish key information.

Question 37

What does it mean by promote open government?

Answer 37

Public bodies must actively promote open government - democracy

Question 38

What does it mean by exceptions narrowly drawn?

Answer 38

Should be narrowly drawn as to avoid including material which does not harm the legitimate interest.

Question 39

What does it mean by processed rapidly and fairly

Answer 39

Requests should be dealt with promptly and should be treated equally and there should be an independent review of refusals

Question 40

What does it mean by minimum costs?

Answer 40

Individuals should not be deterred from making request for information by excessive costs.

Question 41

Name you main sources of data?

Answer 41

Historic England Land registry EGI Rightmove EPC Council tax Business rates Inspections Tenants Landlords

Question 42

What is your favourite professional standard?

Answer 42

RICS Red book global standards

Question 43

Who makes the final decision if you act for the client or not?

Answer 43

Me - if I don't feel confident then I will not act for the client.

Question 44

What are rules of conduct?

Answer 44

These rules set out the standards of professional conduct and practice expected of members and firms registered for regulation by RICS

Question 45

What are international standards?

Answer 45

High level standard developed in collaboration with other relevant bodies

Question 46

What are professional statements?

Answer 46

Mandatory requirements for RICS members and regulated firms.

Question 47

What are guidance notes?

Answer 47

A document that provides users with recommendations or an approach for accepted good practice as followed by competent and conscientious practitioners

Question 48

What are codes of practice?

Answer 48

A documents developed in collaboration with other professional bodies and stakeholders that will have the status of a professional statement or guidance notes

Question 49

What are Jurisdiction guides?

Answer 49

This provides relevant local market information associated with an RICS international standard or RICS professional statement. This is not guidance or best practice material, but rather information to support adoption and implementation of the standard or statement locally

Question 50

What software and other systems do you use?

Answer 50

One drive Central database The hub Share point Word Excel

Question 51

How/where do you store data within your organisation?

Answer 51

Computer Phone Office - draws

Question 52

How long should data be retained for?

Answer 52

As long as it is necessary 7-10 years for Vickery Holman depending on