Data Management - Summary of Experience Flashcards
What is GDPR
EU General Data Protection Regulations 2016
What is the data protection act?
Data Protection Act 2018
- UKs application of GDPR
When was DPA and GDPR introduced
May 2018
Why was DPA 2018 introduced?
1998 Act introduced to cover modern data and technology
2018 Act to incorporate GDPR legislation
What are the principles of GDPR and DPA 2018
- Information used lawfully, fairly and transparently
- Information collected for specified, explicit and legitimate purposed
- Information is adequate, relevant and limited to necessity
- Information is accurate and kept up to date
- Information is kept no longer than necessary
- Information is kept safe
What are tje individual rights under GDPR and DPA 2018?
- To be informed
- To access
- To rectification
- To reasure
- To restrict processing
- To data portability
- To object
- To automated decision making and profiling
What are tje individual rights under GDPR and DPA 2018?
- To be informed
- To access
- To rectification
- To reasure
- To restrict processing
- To data portability
- To object
- To automated decision making and profiling
What is the purpose of GDPR and DPA 2018?
To protect citizens data
What are the penalties under GDPR and DPA 2018?
Fines
- 4& annual gloabl turnover or 20 million euros
What constitutes personal data?
Information relating to a person to identify that person
e.g names, photo, email, bank details, IP address
Give some examples of personal data and how they apply to property companies
- Data relating to investors
- Data relating to fund managers / Clients
- Valuations
- Compliance
- Bookkeeping payroll
- Background checks
- HR
- Tenant information
What organisations are exempt from GDPR
- Exceptions for organisations with fewer than 250 employees
- Private individuals not engaged in business activities
What is your firms data protection policy?
- Follow legislation
- Suspected breaches should be reported to the individual line managers or firms data protection officer
How do you apply your firms data protection policy?
- I ensure i have an understanding of sensitive and protected data
- I don’t send sensitive or preotected data unless it is to the individual
- Anonymise information where possible
- I report suspected breaches
Who regulates GDPR in the UK?
The Information Commissioners Office
What are the obligations imposed by GDPR
- MUST have knowledge of the data you store and process (including its location and security)
- MUST be able to delee every instance of individuals data
- MUST demonstrated compliance in managing data
- MUST be able to prove how information is being used
- MUST offer data portability
What are the RICS best practice guideance points for GDPR compliance?
- COnduct data reviews to understand risks
- Anonymise data where possible
- Encrypt where possible
- Create breach policy response
- Treat commercial data as personal data
- Understand data processes
How do you comply with GDPR in your role?
- Do not give out confidential or personal information
- Report suspected breaches
- Understand what information we hold that is protected
- Anonymise data where possible
- Upload to password and security protected data rooms
- Keep records of consent for processing, storing and retaining data
Give me an example of how you prcoess and handle confidential information?
- Use document systems to add, amend and remove information
- Upload files to secure data room
- Anonymise information
- Password protection to access files
What is encryption?
Mathematical function that encodes data in such a way that only authorised users can access it
What is a firewall?
Network security system that monitors and controls incoming and outgoing network traffic, based on predetermined security rules
What should be included in a firms privacy notice?
- What information you have
- What information will be used for
- Which third parties you may share information with
- How long information is being kept for
- What legal right the firm has
Explain your use of Tramps and Horizon
- Systems used to manage tenant information and accounting information, such as invoices, rent received etc
- Tenant contact information and Client information also stored
- Password protected
Explain your use of Sharepoint and vRoom
Document management systems that store legal documents such as title information, leases, licences
- Password protected
