Optional - Data Management (L3) Flashcards
Summary of experience: level one
What is GDPR?
GDPR is the General Data Protection Regulation (2016), which came into effect on 25 May 2018. It aims to create a single data protection regime for the European Union.
Summary of experience: level one
What do you need to do if you have a data breach?
Notify the Information Commissioner's Office (ICO) within 72 hours of the breach occurring.
Summary of experience: level one
What are the fines for non-compliance with UK GDPR?
Up to 4% of global turnover, or £7.5 million (whichever is greater).
Summary of experience: level one
What are the principles of Data Protection Act 2018?
- Processed lawfully, fairly and in a transparent manner
- Collected for specified and legitimate purposes
- Accurate
- Not transferred to countries with less info than your own
Summary of experience: level one
What are the 8 Individual Rights Under GDPR?
- Right to Information
- Right of Access
- Right of Rectification
- Right to Erasure
- Right to Restrict Processing
- Right to Data Portability
- Right to Object
- Right to Automated Decision Making
(IARERDOA)
Summary of experience: level one
What is an SAR?
Subject Access Request – Demand that the individual be given all the information that a company holds on them.
Summary of experience: level one
What are the principles of UK GDPR?
A. There are six:
(1) Lawfulness, fairness and transparency
(2) Integrity and confidentiality (security)
(3) Accuracy
(4) Data minimization – only collect it when you need.
(5) Purpose Limitation – be specific about the purpose of the data collection
(6) Accountability – record and prove compliance
(7) Storage Limitations – store data for a necessary limited period and then erase
Summary of experience: level one
Give me an example of how your company is compliant with GDPR
- When we send out marketing emails to prospective purchasers, we send emails individually rather than en masse.
- On marketing emails, we give people the right to be removed from our database
- Privacy notice when we collect data
- Fair Processing Notice on website
Summary of experience: level one
Does your company tell people how their data is stored?
Yes, our website gives detail on our ‘Fair Processing Notices’, which outline:
* our purpose of collecting personal data
* how to unsubscribe from marketing communication
* special categories of data are necessary for fulfilling legal obligations relating to AML
Summary of experience: level one
What is Primary Data?
Data that is collected first hand
Summary of experience: level one
What is Secondary Data?
Data that we access from third party sources
Summary of experience: level one
What are the limitations of Secondary Data?
We cannot verify the accuracy of the data as we did not collect it ourselves
Summary of experience: level one
How do you check secondary data?
Get to the source of the data. If the primary data collector is identifiable, try and verify the information directly with them
Summary of experience: level one
Has the UK got its own version of GDPR?
DPA 2018 is the primary piece of legislation that replaced DPA 1998 and filled in the blanks that EU GDPR couldn’t specifically address in the UK.
After the Brexit transition period, UK GDPR came into force 01/01/2021. UK GDPR is essentially the same as EU GDPR and must be read in conjunction with DPA 2018.
Summary of experience: level one
What is personal data?
Information that makes someone personally identifiable
Summary of experience: level one
Who is responsible for DPA/GDPR compliance within a business?
Data Protection Officer (DPO)
Summary of experience: level one
How do you keep personal data secure?
- Authenticated access to systems
- Two-factor authentication
- Encryption
- Ensure integrity of data collection systems
- Continually evolve and test systems
Summary of experience: level one
What should you do if there is a data breach?
- Report to DPO
- If necessary, they will report to ICO within 72 hours
- If there is high risk to individuals (e.g. leaked hospital records) then you must notify individuals concerned
Summary of experience: level one
What does the UK GDPR state about the processing and collection of data from individuals?
Individuals have the right to be informed. You must provide them with privacy information at the time you obtain their data.
Summary of experience: level two
For the valuation of a country house hotel in the Scottish Highlands, what data did you put in Excel?
I exported everything that we collate, but not all of it was relevant. So I cleaned up the data to leave:
- Hotel type: Boutique/Country House/Luxury
- Address: Region and postcode
- Turnover: £1m-£2m
- No. of bedrooms: 20
- Date Sold: within last four years
- Multiple Range
Summary of experience: level two
What sort of locations were similar?
- Skye
- Arrochar
- Islay
- Oban
Summary of experience: level two
What types of transaction were you looking for?
Other freehold hotel transactions
Summary of experience: level two
What multiple range did they have?
Between 5x-10x
Summary of experience: level two
Why did you look at the apartments on a £ per sq ft basis?
We were valuing the freehold value only. Client was looking to acquire the asset as they only managed it on behalf of owner.