Flashcards in Data management / Property records/information systems Deck (48)
What is the Data Protection Act 2018?
• UK’s implementation of the General Data Protection Regulation 2016 (GDPR)
• Complete data protect system – as well as governing personal data covered by GDPR, it covers all other general data as previously covered by the 1998 Act
What is GDPR?
• General data protection regulation
• Relates to personal data
• Aims to create a single data protection regime for anyone doing business in the EU and to empower individuals to take control of how their data is used by third parties
• Gives people stronger rights to be informed about how their personal information is used
When did GDPR come into force?
25th May 2018
What are the key requirements under GDPR?
• Obligation to conduction data protection impact assessments for high risk holding of data
• New rights for individuals to have access to information on what personal data is held and to have it erased
• A data controller decides how and why personal data is processed and is directly responsible for GDPR
• ‘Data accountability’ ensuring that organisations can prove to the Information Commissioners Office (ICO) how they comply with the new regulations
What happens if you breach GDPR? What is the penalty?
• Data security breaches need to be reported to Information Commissioners Office (ICO) within 72 hours where there is a loss of personal data and a risk of harm to individuals
• An increase in fines up to 4% global turnover of the company or €20m (whichever is the greater)
• Policed by the ICO
What does Article 5(1) of GDPR state in relation to the processing of data?
Data must be processed lawfully, fairly and in a transparent manner in relation to individuals
What does Article 5(1) of GDPR state in relation to the collection of data?
Data must be collected or specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
What does Article 5(1) of GDPR state in relation to the relevance of data?
Data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
What does Article 5(1) of GDPR state in relation to the accuracy of data?
Data must be accurate and, where necessary kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purpose for which they are processed, are erased or rectified without delay
What does Article 5(1) of GDPR state in relation to the form which data is kept in?
Data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed
What does Article 5(1) of GDPR state in relation to the the processing of data?
Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisation measures
Who does Article 5(2) of GDPR state is responsible for the compliance with the principles outlined in Article 5(1)?
The data controller shall be responsible for, and be able to demonstrate compliance with the principles
What are the 8 individual Rights under GDPR?
1. Right of access
2. Right to be informed
3. Right to rectification
4. Right to erasure
5. Right to restrict processing
6. Right to data portability (to use for their own purposes)
7. Right to object
8. Rights to automated decision making and profiling (as undertaken by insurance companies
How has your firm changed their data management practices to comply with GDPR?
• Conducted data protection impact assessments i.e. evaluated risks associated with holding information about individuals
• Ensure data accountability through the appointment of a named data controller
• Contacted individuals who were on distribution lists to confirm that they wanted to be contacted
• Trained staff
• Ensured correct firewalls were in place to ensure appropriate security of personal data
Under GDPR, would you be able to transfer personal data you hold outside of the UK?
GDPR restricts transfers of personal data outside the European Economic Area (EEA), unless the rights of the individuals personal data is protected in another way
Who has received the largest fine under GDPR?
British Airways received a £183m fine in 2019 after hackers stole the personal data (including login, payment card, name, address and travel booking information) from 500,000 customers
What is the Freedom of Information Act 2000?
Gives individuals the right of access to information held by public bodies
What does the Freedom of Information Act 2000 require of public bodies?
• Public body must tell any individual requesting sight of information whether it holds it
• Normally the public body is required to supply it in 20 working days in the format requested
• It can charge for the provision of the information
What are the exemptions from the Freedom of Information Act 2000?
• Contrary to the GDPR requirements
• It would prejudice a criminal matter under investigation
• It would prejudice a person’s/organisation’s commercial interest
What are the elements of a Non-Disclosure Agreement (NDA)?
• Identification of the parties
• Definition of what is deemed to be confidential
• Scope of the confidentiality obligation by the receiving party
• The exclusions from confidential treatment
• The length of term of the agreement
What are automated valuation models (AVMs)?
• Software systems which can provide property valuations using mathematical modelling combined with a database
• They are most used for residential property
What are the advantages of using AVMs?
• Able to consider a larger number of data points than a traditional valuation approach
• Saves time, money and resources
• Removes any human bias or subjectivity
• Useful for assessing the value of a property portfolio
What are the disadvantages of using AVMs?
• Do not take into account property condition (valuation assumes an average condition as an inspection does not occur)
• Does not take into account nuanced factors such as the view or level of street noise
• Use transactional data which may lag the actual market i.e. cannot include evidence from properties which might be under offer
What do you understand by the term security of data?
Means ensuring that data is kept safe from corruption and that access to it is suitably controlled to ensure privacy and protection
How can security of data be improved?
• Disk encryption - encrypting data on a secure hard disk drive
• Regular back ups off site
• Password protection
• Use of anti-virus software protection
• Firewalls and disaster recovery procedures
What does copyright mean?
• A set of exclusive rights granted to the author or creator of any original work, including the right to copy
• These rights can be licensed, assigned or transferred
• Form of intellectual property
What does Crown Copyright cover?
All materials created and prepared by the Government, such as laws, public records, official press releases and OS mapping
What is a deed?
A legal document made under seal
How can you prove ownership of land which is not registered with the Land Registry?
The Deeds will set out information about the ownership and details of a property