Data protection Act 2018 (GDPR) Flashcards
what personal data could I collect?
- employees.
- clients.
- prospective clients.
what should you consider?
- Think about whether the information you hold is personal information?
- Document the purposes for which you are allowed to hold the information.
3.Keep a record of consent (where needed) for processing, storage and retention.
4.Seek permission to pass on details of any information related to the work (ie someones email/ telephone number)
How can a Data breach occur?
- employee mistake
- hacking
- cyber attacks
- malware
- loss of equipment
How to prevent data breaches?
- Setting up proper passwords
- use encryption for data transfer (this is part of MS 365) .
- comply with data protection policy
etc
Data retention
- Only keep data for as long as necessary.
- May need to hold onto data in case of claims made against them.
- The limitation period may determine this, such as;
- 6 years from service or 6 yrs from the loss. signed under hand.
- A long stop position of 15 years, if they did not know they suffered a loss.
- 12 years, if signed under seal
Confidentiality agreements/non-disclosure agreements
As a RICS firm I will need to hold onto confidential information.
Often contractually responsible for protecting information that another party discloses to me.
Data retention contin..
Documents that were provided by your client or that your client has paid for belong to them, BUT your internal notes, emails and copy correspondence may not. However, remember that the client may also have a right to access the personal data you hold about them in those documents. If you are unsure about what should be provided, you may need to take legal advice.
What is GDPR ?
- Stands for: general data protection regulations.
- it governs how your data is handled.
Who would usually own the copyright of a valuation report?
The surveyor, the client is licensed to copy it in connection with the purpose
Could a Professional Indemnity Claim be based on lost or corrupted data?
Yes
