Data Management

Question 1

Considerations for Data Management?

Answer 1

Consider the data required and held in your office (paper / electronic)

Understand the types of information systems used to extract information for a range of different scenarios and their strengths and limitations

Articulate how data can be stored securely and in accordance with the law?

Note the importance of diaries for trigger dates for property management systems - eg. rent collection, review notices, repairing obligations

Question 2

Data Sources

Answer 2

When accessing data it is essential to consider the reliability of the source and associated risk where possible

You should verify against alternative source through triangulation

Question 3

Data storage and security

Answer 3

It is essential that data is kept safe from corruption and that access to it is suitably controlled to ensure privacy and protection

This includes:
Disk encryption - encrypting data on a secure hard disk drive
Regular backups off site
Password protection
Use of anti-virus software protection
Firewalls and disaster recovery procedures

Consider what action is undertaken in your office to ensure security of data

Question 4

What is Copyright?

Answer 4

A set of exclusive rights granted to the author or creator of any original work, including the right to copy

These rights can be licensed, assigned or transferred

Form of intellectual property

Crown Copyright - created and prepared by the Government such as laws, public records and OS mapping

Essential that you acknowledge any copyright for information duplicated in your work

Question 5

What is the UK regulation regarding data?

Answer 5

UK General Data Protection Regulation & the Data Protection Act 2018

Question 6

Does the EU GDPR still apply?

Answer 6

No longer applies in the UK but was almost entirely transcribed into the UK GDPR

Question 7

UK GDPR facts and information?

Answer 7

UK GDPR is supplemented by the Data Protection Act 2018

The combined regime replaces the Data Protection Act 1998 and relates to personal data

It aims to create a single data protection regime affecting businesses, an empower individuals to take control of how their data is used for third parties

Gives people rights to be informed about how their personal information is used

Question 8

What are the key requirements under UK GDPR?

Answer 8

1. An obligation to conduct data protection impact assessment for high risk holding of data
2. New rights for individuals to have access to information on what personal data is held and to have it erased
3. A data controller decided how and why personal data is processed and is directly responsible for GDPR
4. A new principle of ‘data accountability’ is ensuring that organisations can prove to the Information Commissioner’s Office (ICO) how they comply with the new regulations
5. Data security breaches need to be reported to ICO within 72 hours where there is a loss of personal data and a risk of harm to individuals

Question 9

Who is UK GDPR policed by?

Answer 9

Information Commissioner’s Office (ICO)

Question 10

What are the fines for non-compliance for GDPR?

Answer 10

Fines of up to 4% of global turnover of the company or £17.5 million (which ever is greater)

Question 11

What are the principles of UK GDPR?

Answer 11

Article 5(1) Principles relating to the storage of personal data states that data must be:
- Processed lawfully, fairly and in a transparent manner in relation to individuals

• Collected for specified, explicit and legitimate purposes and not further processed in a manner which is not compatible with those purposes
• Adequate, relevant and limited to what is necessary for the purpose for which they are processed
• Accurate and where necessary kept up to date. Inaccurate data must be erased or rectified without delay.
• Kept in a form which permits identification of data subject for no longer than is necessary for the purpose that the personal data is processed
• Appropriate security of the personal data including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage using app technical or organisational measures.

It is important that the controller be responsible for and be able to demonstrate compliance with the principles

Question 12

What are the individual rights under UK GDPR?

Answer 12

1. Right to be informed
2. Right of access
3. Right to rectification
4. Right to erasure
5. Right to restrict processing
6. Right to data portability (to use for their own purposes)
7. Right to object
8. Right to automated decision making and profiling (as undertaken by insurance companies)

Question 13

Freedom of Information Act (2000)

Answer 13

Gives individuals the right of access to information held by public bodies

The public body must tell any individual requesting sight of information whether it holds it

Normally the public body is required to supply it in 20 working days in the format requested

It can charge for the provision of the information

Question 14

What exemptions are allowed under Freedom of Information Act 2000/

Answer 14

Contrary to the GDPR requirements

It would prejudice a criminal matter under investigation or a persons/organisations commercial interest

Question 15

Security of data

Answer 15

Security of electronic data can be improved using firewalls, encryption and passwords

Understand how a Non-Disclosure Agreement works

Question 16

Proposed RICS Professional Statement on Data Handling and Prevention of Cybercrime

Answer 16

This is being proposed to cover best practice and mandatory obligation with which RICS professionals and regulated firms must comply

It is proposed to address how surveyors capture, store and share data appropriately and securely and is likely to mandate policies, practices and training for all regulated firms and members