What are different types of data security tech?
What are good disaster recovery procedures?
- Disk encryption (secure hard drive)
- Cloud Storage (digital data on remote servers / internet)
- Password protection & anti-virus software protection
- Firewall & disaster recovery procedures
Why do you mean by copyright?
- Set up exclusive rights granted to an author or creator of any original work.
o These rights can be licensed, assigned or transferred
o Form of intellectual property
o Crown Copyright: all material created and prepared by the Government, e.g. laws, public records, OS mapping.
What regulation governs data management in the UK?
Data Protection Act, 2018 and within that:
UK General Data Protection Regulation (UK GDPR)
What does the UK data protection act 2018 set out?
- Set out rules and principles as to how companies process personal data
- The act includes UK GDPR
- the key principles of UK GDPR
- Define individual rights regarding their information
- Require data to be handled lawfully fairly and securely.
Can you tell me about UK GDPR?
Aim: Create a single data protection regime affecting businesses and empower individuals to take control of how their data is used by 3rd parties.
Gives people right to be informed about how 3rd parties use their info.
Who polices a data breach?
Information commissioner’s office (ICO).
What you call the person in your company who ensures data protection laws?
Data Controller
what is the penalty for a data breach?
Fines up to 4% of global turnover of the company or £17.5 million (whichever is greater).
If there is a data breach within your company what do you do?
- Inform your Data Controller
- Report it to a client
- Report it to your company
- report it to the Policed by information commissioner’s office (ICO) within 72 hours
What were the key principles set out in Article 5(1) of UK GDPR?
Or: What are some principles of the Data Protection Act?
1) D - Data minimisations
2) I - Integrity and confidentiality
3) L- Lawfulness, fairness and transparency
4) A - Accuracy
5) A - Accountability
6) P - Purpose limitation
7) S - Storage limitations
Who are the key persons within UK GDPR?
Data Controller: Reporting breaches / leaks
Data Processer: Examine data
Data Protection officer: Compliance
What does data accountability mean?
Ensures organisations can prove to the ICO how they comply with regulations.
What does the Freedom of Information Act say?
Right for individuals to access info held by public bodies unless contrary to GDPR/ criminal investigation.
* Public body:
o Inform individuals requesting sight of info whether it holds it.
o Must supply it in 20 working days (in same format) – can charge for info.
How can you ensure employees competence to addressing phishing?
Ensuring there is adequate training is put in place.
What is JLLs data retention policy?
Only hold as long as required for legitimate business purposes
How many individual rights are there within UKGDPR? and what are they?
8 individual rights:
* Right to be Informed
* Right of Access
* Right to data Portability (to use for their own purposes)
* Right to Object
* Right of Rectification
* Right to Restrict processing
* Right to Erasure
* Right to automated decision making and Profiling (undertaken by insurance companies
What is a Non-Disclosure Agreement?
- Legally enforced contract between two parties relating to sensitive information
- Agreement will create a confidential relationship between a person who has sensitive info and a person who has access to that info.
- Party harmed by breach of NDA can take legal action (seek damages for any losses that were incurred).
What can you tell me about the Use of Artificial Intelligence.
- RICS have completed public consultation on: Professional Standard: Responsible use of AI 2025 (1st Edition)
- Provides guidance on the ethical and practical considerations of AI and the natural and built environment
What is a firewall
a network security system that acts as a barrier between a trusted internal network and an untrusted external network
What is Triangulation
using multiple data sources to verify the data / info
What is your companies firewall?
Palo Alto Networks, Inc.
What is cloud computing?
A cloud computing model that enables storing data and files on the internet through a cloud computing provider that you access either through internet/private connection
What are key requirements under the Data Protection Act, 2018
- Obligation to conduct data protection impact assessments for high risk holding of data
- New rights for individuals to have access to information on what personal data is held & to have it erased
- Data controller decides how and why personal data is processed and is directly responsible for GDPR
- Principle of ‘data accountability’ ensuring organisations can prove how they comply with regulations can prove the information commissioners officer (ICO)
Who is responsible for GDPR within your company?
Data Controller
