Data Management

Question 1

What are some examples of data security technologies?

Answer 1

• Disk encryption
• Regular backups off site
• Password protection
• Anti-virus software
• Firewalls

Question 2

What is copyright?

Answer 2

Exclusive rights granted to the author of any original work including the rights to copy.

Rights can be licensed, assigned or transfered.

Question 3

What is UK GDPR?

Answer 3

Regulations on personal data handling

Question 4

Why was the UK GDPR introduced?

Answer 4

To respond to changes to technology and the increasing use of technology.

Question 5

Does the EU GDPR apply to the UK?

Answer 5

No, this was scrapped after Brexit. UK has its own GDPR (2018).

Question 6

What is the Data Protection Act 2018?

Answer 6

It’s the UK’s implementation of the GDPR. Controls how your personal information is used

Question 7

What is the aim of the Data Protection Act 2018?

Answer 7

To create a single data protection regime for businesses and individuals to control how their data is used by 3rd parties. Gives people rights to be informed about how their personal information is used.

Question 8

What are the key requirements on the Data Protection Act 2018?

Answer 8

• Data security breaches need to be reported to the ICO within 72 hours where there is a loss of personal data or risk of harm to individuals
• New rights for individuals to have access to what personal information is held and to have it erased

Question 9

What are the penalties of non-compliance?

Answer 9

Fines up to 4% of global turnover or £17.5 million (whichever is greater)

Question 10

Who policies data protection?

Answer 10

Information Commissioners Office (ICO)

Question 11

What are your rights under the Data Protection Act?

Answer 11

There are 8 individual rights under the UK GDPR:

1. Right to be informed
2. Right of access
3. Right to rectification
4. Right to erasure
5. Right to restrict processing
6. Right to data portability
7. Right to object
8. Rights to automated decision making and profiling

Question 12

What are the 7 key principles of the UK GDPR?

Answer 12

Data must be:

1. Processed lawfully, fairly and in a transparent manner
2. Collected for specified, explicit and legitimate purposes
3. Adequate, relevant and limited to what is necessary
4. Accurate and up to date
5. Kept for no longer than necessary
6. Kept secure
7. The controller is accountable

Question 13

How are you compliant with GDPR with regards to mailing lists?

Answer 13

Can only add someone to a mailing list or send marketing if they have given permission

Question 14

Other than GDPR what did the DPA 2018 introduce?

Answer 14

New offences: recklessly obtaining data, storing data without consent

Question 15

What information can a firm retain to comply with other laws?

Answer 15

ID for AML checks

Question 16

What systems does your firm have in place to ensure data security?

Answer 16

Password protected systems and files

Question 17

How would you send sensitive information?

Answer 17

• Password protected files
• Encryption
• Use of firewalls and anti-virus software
• Clear desk policy and locking away confidential documents
• Regular change of password

Question 18

How would you deal with a data breach?

Answer 18

• Report to the ICO within 72 hours
• Report to my IT department
• Inform clients and those affected

Question 19

How can you secure your own data?

Answer 19

• Not clicking on junk / phishing emails
• Only log on to secure wifi
• Not sharing passwords
• Safely dispose of personal data
• Lock laptop away at night
• Encrypt data
• Use security software

Question 20

How can you send data securely?

Answer 20

• Password protected
• Encrypted files

Question 21

What must you do before sending marketing emails to a client?

Answer 21

Ensure that they have ‘opted in’ and provided consent.

Question 22

What is the Freedom of Information Act 2000?

Answer 22

Gives individuals the right of access to information held by public bodies.

Public body must tell the individual whether it holds the information – required to supply info within 20 days.

Question 23

What are the exemptions to the Freedom of Info Act?

Answer 23

• Contravenes with GDPR requirements
• Involves a criminal matter under investigation

Question 24

What is an NDA? / How does it work?

Answer 24

A binding contract between two or more parties that prevents sensitive information being shared with others. Maintains confidentiality.

Question 25

What is included in an NDA?

Answer 25

* Name of both parties * Definition of what is deemed confidential * The term of the agreement (period of time)

Question 26

Why is it important to verify third party data?

Answer 26

Ensures accuracy and transparency

Question 27

How do you analyse data in line with GDPR?

Answer 27

* Apply professional scepticism * Only base professional judgements on information I’ve verified

Question 28

How long can you keep data?

Answer 28

No longer than it is needed for the specific purpose

Question 29

What is a title document?

Answer 29

Legal document providing detailed information on a property.

Question 30

What is included on a title document?

Answer 30

* Owner * Price paid * Tenure * Boundaries * Covenants and easements

Question 31

Is there a RICS note on data handling?

Answer 31

No, however the RICS is proposing to publish a PS on Data Handling and Prevention of Cybercrime 2019. Currently in consultation stage.

Question 32

What will the Professional Statement include?

Answer 32

* How surveyors capture, store and share data * Best practices

Question 33

What is the difference between a data controller and a data processor?

Answer 33

A data controller determines the purposes and means of the processing of personal data. A processor engages in personal data processing on behalf of the controller.

Question 34

What are the fines if you don’t report a data breach to the ICO within 72 hours?

Answer 34

- Fines up to 4% global turnover - OR £17.5m - Whichever is greater

Question 35

What kind of filing system does your company use?

Answer 35

- Depending on what department an individual works in, we must request and get approval to the shared drive of which confidential information about clients and properties are filed on. - In my current line of work, data is filed in property specific folders and separated by different categories such as service charge, leases, building reports, asbestos reports etc.

Question 36

What is data triangulation?

Answer 36

Data triangulation involves using multiple data sources to confirm or refute a finding.

Question 37

What is Crown Copyright?

Answer 37

Referential material created and prepared by the Government, such as laws, public records, official press releases and OS mapping.

Question 38

Pros and Cons of Cloud storage