Data Management Flashcards

(21 cards)

1
Q

How long should you keep data for?

A
  • 6 years if the contract is signed under hand
  • 12 years if contract is signed as a deed
  • RICS recommends 15 years; this is the limitation period for most legal claims
2
Q

What type of data systems are used at Arcadis?

A
  • SharePoint
  • Autodesk BIM360
  • ACC
  • Smartsheet
3
Q

What is a project extranet system?

A

A computer network that allows external parties to view project files on a secure platform.

4
Q

What are the benefits of cloud based storage systems?

A

Easy access anywhere in the world
Secure
Low set up cost
Teams can work in real time
Easy to control access

5
Q

What is the Data Protection Act 2018?

A

It controls how all personal information is used by organisations, businesses or the government.
It is the UK’s version of the General Data Protection Regulation (GDPR).

6
Q

What is GDPR?

A

A regulation in EU law on data protection and privacy in the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA areas.

7
Q

What is the purpose of GDPR?

A

Designed to harmonise data protection laws across all member countries as well as providing greater protection and rights to individuals.
It altered how businesses and other organisations handle the information of those that interact with them. There’s the potential for large fines and reputational damage for those found in breach of the rules.

8
Q

Who are the key persons outlined within GDPR?

A

Data Controller - person who decides how and why to collect and use the data. Must ensure the processing of data complies with data protection law
Data Processor - a separate person who processes data on behalf of the controller
Data Subject - individual whom the personal data is about
Data Protection Officer - guarantor of compliance with the data protection regulations, without replacing the functions carried out by other supervisory authorities

9
Q

What constitutes personal data?

A

Any information relating to a person or ‘Data Subject’ that can be used to identify a person directly or indirectly. This could be a name, photo, email address, bank details, posts on social media, medical information, or a computer IP address
The legislation not only applies to electronic data but to any records that are stored in a form that is easily searchable

10
Q

What is the difference between a data processor and data controller?

A

A controller is the entity that determines the purposes, conditions and means of processing of personal data, while the processor is an entity which processes personal data on behalf of the controller

11
Q

What are the key principles of GDPR?

A
  1. Lawfulness, fairness and transparency
  2. Purpose limitation
  3. Data minimisation
  4. Accuracy
  5. Storage limitation
  6. Integrity and confidentiality (security)
  7. Accountability
12
Q

What are the individual rights under GDPR?

A

Be informed
Access
Rectification
Erasure
Restrict processing
Data portability
To object
Automated decision making and profiling

13
Q

Who enforces GDPR?

A

The Information Commissioner’s Office (ICO)

14
Q

What is the Freedom of Information Act 2000?

A

Provides public access to information held by public authorities.
Public authorities are obliged to publish certain information about their activities
Members of the public are entitled to request information from public authorities (if requested, the public body has 20 days to provide the information)

15
Q

What is the maximum penalty for a breach of GDPR?

A

£17.5 million or 4% of a company’s turnover, whichever figure is higher, enforced by the ICO

16
Q

If you intend to destroy a document, what things should you consider beforehand?

A
  • Is the document an original contract/legal document?
  • Could the document be required for litigation or other proceedings?
  • Does the document relate to a live project?
  • Is a backup copy available?
17
Q

What measures could be used to protect commercially sensitive information or if there was a conflict of interest?

A

Have a non-disclosure agreement in place
Physical separation of staff
Security of stored documentation, including locked filing cabinets and password-protected servers
Consider online server access permissions

18
Q

What ways can data be protected when transferring it on a client’s behalf?

A
  • Encryption and password locking
  • Recorded special delivery
  • Mark it as confidential
  • Use secure networks and software
19
Q

What is an information barrier?

A

A physical and/or electronic separation of individuals within the same firm. The aim is to protect confidential information

20
Q

What are the types of data?

A

Qualitative (hard data) - non-numerical data like interviews and observations
Quantitative (soft data) - numerical data and statistical analysis
Hard - physical copy, e.g. print out
Soft - on the internet, not published

21
Q

What should you do if there is a data breach?

A

As well as reporting this to your organisation’s IT department to understand the root cause, it should be reported to the Information Commissioner’s Office (ICO) within 72 hours.