DATA MANAGEMENT Flashcards

(73 cards)

1
Q

Can you tell me three principles of UK GDPR and the Data Protection Act 2018?

A

Lawfulness, fairness, and transparency

Personal data should be processed in a lawful, fair, and transparent manner.

Purpose limitation

The purpose for processing data should be clear.

Data minimisation

Organisations should only collect the amount of data they need.

2
Q

How do you comply with UK GDPR and the Data Protection Act 2018 in your role?

A

Protect Data: Securely handle and store personal data.

Ensure Transparency: Inform clients about data use and obtain necessary consent.

3
Q

Give me an example of how you process and handle confidential information.

A

Data from clients remains confidential; this is not expressed anywhere public.

Secure Storage: Store documents and data in encrypted digital systems.

Controlled Access: Restrict access to confidential information to only those team members who need it for their role.

4
Q

What do the Privacy and Electronic Communications Regulations 2003 apply to?

A

Direct Marketing: Rules on consent and opt-out options for marketing via phone, email, and text.

Cookies: Requirements for informing users and obtaining consent for cookies.

Security: Ensuring the security of public electronic communications networks.

5
Q

What is Intellectual Property?

A

Creations of the mind, such as inventions, literary and artistic works, designs, symbols, names, and images used in commerce.

6
Q

What is the Freedom of Information Act 2000?

A

Provides: The public with the right to access information held by public authorities.

Requires: Public bodies to disclose information unless there are valid exemptions.

7
Q

What is the difference between a deed and a registered title?

A

Deed - A legal document that formally transfers ownership of property or other rights from one party to another.

Registered title - An official record of property ownership maintained by the land registry.

8
Q

What is an index map?

A

An index map is a type of map used to locate and reference detailed maps or plans.

It provides an overview, often with a grid or key, showing the areas covered by individual maps or plans, making it easier to find specific locations or documents.

9
Q

What is a firewall?

A

A firewall is a security system that monitors and controls network traffic.

It acts as a barrier between a trusted internal network and untrusted external networks.

10
Q

What does blockchain mean?

A

Blockchain is a decentralised system that records transactions across multiple computers in a way that ensures the data cannot be altered retroactively.

Used in cryptocurrencies.

11
Q

Explain the growing use of AVMs in the industry

A

Automated Valuation Models (AVMs)

Can be more efficient and timely.

12
Q

What is ISO 9001?

A

ISO 9001 is an international standard for quality management systems.

13
Q

Who are the key persons outlined within GDPR?

A

Controller - person or legal entity controlling an employee's data, for example.

Processor - person or legal entity processing data on behalf of the controller.

Data protection officer - responsible for overseeing the process.

14
Q

What are the 8 rights under GDPR?

A

To be informed

Right of access

Rectification

Erasure

To restrict processing

Data portability

To object

To to profiling

15
Q

What is GDPR?

A

General Data Protection Regulation 2016

16
Q

Confidentiality

A

Where information is provided but is subject to confidence and not shared without permission.

17
Q

Meta Data

A

Meta Data is information about a specific piece of data. For example, when sharing a cost planning document, the Meta Data associated with this could consist of information about the author, the file size, the date the document was created and keywords to describe the document. We must ensure that this Meta Data is afforded the same level of care as all other confidential data. In a scenario where we are sharing a document or removing confidential components of a document, we should ensure that any confidential Meta Data is not shared inadvertently.

18
Q

Intellectual Property and Copyright

A

This is the right to control the use and ownership of original works. Work generally created by an employee usually belongs to their employer unless copyrights are put in place. It is common within construction for a client to be granted license for use and reproduction of copyright material which should be clearly defined. This could be the right to use a particular design by a subcontracting specialist who retains control of the original copyright.

19
Q

Freedom of Information Act 2005

A

This is the primary piece of UK legislation that controls the access to official information.

* The act permits the public right of access to information held by public authorities.
* Information must also be published through the public authorities publication scheme.
* The act covers all information held and not just information since the act came into effect.

20
Q

Benefits of cloud-based storage systems

A

Information is backed up securely on encrypted servers. Accessibility can be managed via online settings. Cloud systems are often cheaper than the costs of physically storing and managing files. It is convenient to send and share files online instead of mailing physical copies. Cloud systems are environmentally friendly. Multiple users can access the same documents. Documents and folder systems can be synchronized.

21
Q

Non-disclosure agreement

A

Non-disclosure agreements are used to protect against the disclosure or sharing of any confidential data. Prior to the confidential data being shared with a recipient, clients will typically request that the recipient signs up to an NDA. They are often used when confidential, sensitive, innovative or intellectual property information is being shared to prevent this information being used by competitors.

22
Q

Managing client sensitive data between rival companies

A

I would make the client aware of the risks involved and check their understanding of the conflict of interest. I would ensure a letter of instruction to continue was obtained from the client. Exclusivity of staff would be arranged. The use of non-disclosure agreements would be considered. Separate working locations from each of the teams would need to be put in place. Secure document and data storage would be arranged to be used exclusively for the separate teams.

23
Q

Data Protection Act 2018

A

The act replaces previous 1998 legislation and manages how personal data is processed by organisations and the government. It is the UK legislation for the implementation of the EU General Data Protection Regulations (GDPR).

24
Q

Key Principles of the Data Protection Act 2018

A

The act ensures that data is:

* Used fairly, lawfully and transparently.
* Used in a way that is adequate, relevant and limited to only the purpose it is intended.
* Retained for no longer than is necessary.
* Processed securely including the protection against unlawful use, loss or destruction.

25
Person’s rights under the Data Protection Act
People have the following rights:
* To be informed about how their data is being used.
* The right to access their data.
* The right to have incorrect information updated.
* To have their data erased.
* To stop or restrict the processing of their data.
* The right of portability.
* To object to the use of their data.
26
Key persons outlined within GDPR
Controller: The controller is the natural person or legal entity that determines the purposes and means of the processing of personal data for example when processing an employee’s personal data, the employer is considered to be the controller.
Processor: A natural person or legal entity that processes personal data on behalf of the controller for example a call centre acting on behalf of its client is considered to be a processor.
Data Protection Officer (DPO): The Data Protection Officer is a leadership role required by EU GDPR. This role exists within companies that process the personal data of EU citizens. A DPO is responsible for overseeing the data protection approach, strategy, and its implementation.
27
8 individual rights under GDPR
* The right to be informed.
* The right of access.
* The right of rectification.
* The right to erasure.
* The right to restrict processing.
* The right to data portability.
* The right to object.
* Rights of automated decision making and profiling.
28
Sources of information used in day-to-day surveying
RICS Guidance Notes. Contract Documentation. Previous Tenders. Cost Plans. Valuation data. Industry Journals. Specialist sub-contractor information.
29
Managing sources of information for compliance
If signed up to an NDA with a client, I ensure complete confidentiality and am not able to talk about these projects with colleagues who are not party to the project. I use lockable and secure document storage for hard copy documents. The electronic information is kept securely on encrypted servers. I am always sure to lock my computer when away from my desk and comply with my firm's IT security policies, for example attendance at Cyber security courses and regularly updating my passwords. If I am sharing or processing information not available in the public domain from a previous project, I always obtain the client's written permission to do so.
30
Ensuring compliance with Data Protection legislation
They should only retain data they need to perform their day-to-day operations. If they are retaining someone’s data they should ensure the person is kept informed and advised on why they have it. They should hold the data securely. They should also keep the information up to date and delete information they no longer need.
31
Three principles of GDPR
General Data Protection Regulation (2016)
1. Lawfulness, fairness, transparency
2. Purpose limitation
3. Data minimisation
4. Accuracy
5. Storage limitation
6. Integrity and confidentiality
7. Accountability
32
Three principles of the Data Protection Act
Data Protection Act (2018)
1. Fairness
2. Lawfulness
3. Transparency
33
Complying with GDPR and the Data Protection Act 2018
Ensure access to data is only granted to people who require it. I ensure that all files and folders are labelled correctly. Data is only stored for as long as necessary – either for the length of time needed for a project or to comply with statutory regulations, e.g. money laundering. Secure confidential and sensitive information with password encryption. Only share data using secure systems.
34
Example of ensuring data security
Ensure access to data is only granted to people who require it. Secure confidential and sensitive information with password encryption. Only share data using secure systems. Separate out data in a logical and secure fashion.
35
Can copyright be transferred?
A copyright owner can sell or transfer their rights to someone else. This is known as a copyright assignment.
36
Example of a property information tool
Land Registry – used to access a title register which includes:
* Title number
* Ownership
* How much the property was last sold for
* Whether the property has a mortgage
* Details of ‘restrictive covenants’ - promises to not do certain things with the land, like not building on a particular area
* Details of any ‘easements’ - the rights of one piece of land over another, like a right of way.
37
Limitations of primary/secondary data sources
Primary Data – data/information gathered first hand for your specific purpose. Secondary Data – data published by a different researcher or firm.
38
Validating information
Source – is the source credible and reliable?
Time – how recent is the information gathered; is it as up to date as possible?
Relevance – is the information gathered directly related to your need or purpose?
Sense check – try to verify the information by cross-referencing.
39
Difference between a deed and a registered title
Title refers to the ownership of a property. A deed is the legal document that transfers title from one person to another.
40
Sourcing title information
Land Registry – used to access a title register.
41
Differences between manual and electronic records
A manual record is where records are maintained by hand, without using a computer system. An electronic record is where records are maintained on automated storage systems rather than physical files.
42
Index map
The index map contains information on all land and property that's registered or being registered with HM Land Registry. Use it to find the title number of a property that does not appear in a search of the register.
43
Encryption
Encryption is the process of converting information or data into a code, especially to prevent unauthorized access.
44
Firewall
A firewall is software that blocks unexpected connections coming into or out of a network.
45
Protecting electronic data from viruses
Firewall and anti-virus software. Provide password protection. Back up your data. Educate your users on the dangers of viruses.
46
Records manually kept in your office
Signed contracts – signed in wet ink, original copies may be required for proof of signature.
47
Electronic signatures accepted by the Land Registry
From July 2020 – the Land Registry will accept witnessed electronic signatures with immediate effect.
48
Documents for electronic signatures
* Offer letters.
* Sales contracts.
* Permission slips.
* Rental/lease agreements.
* Liability waivers.
* Financial documents.
49
Data redundancy
Data redundancy occurs when the same piece of data exists in multiple places.
50
Data
Data is defined as facts or figures, or information that’s stored in or used by a computer, e.g. an email.
51
Ensuring the security of data
Password protecting documents. Reviewing who has access to folders. When sending emails make sure they are encrypted so they cannot be intercepted.
52
Legislation dictating the storage and sharing of information
Data Protection Act 2018
The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR). Everyone responsible for using personal data has to follow strict rules called ‘data protection principles’. They must make sure the information is: used fairly, lawfully and transparently. The UK’s 2018 Data Protection Act is an almost identical copy of GDPR for a reason: when the UK leaves the EU, there won’t be a huge shift in the law.
53
GDPR
General Data Protection Regulation (GDPR) 2018
Companies covered by the GDPR are accountable for their handling of people’s personal information.
54
What is the purpose of data management in professional practice?
55
What are the key stages in the data management process (collection, storage, retrieval, disposal)?
56
What types of data might you handle in your role as a planning and development professional?
57
What are the key principles of the General Data Protection Regulation (GDPR)?
58
What does “personal data” mean under GDPR?
59
What is the difference between a data controller and a data processor?
60
What is meant by “data minimisation” under GDPR?
61
How long can personal data be stored?
62
What are the potential consequences of breaching GDPR?
63
How would you ensure client confidentiality when handling data?
64
What steps would you take if you discovered a potential data breach?
65
How do you ensure data is shared securely between colleagues and consultants?
66
What is the role of a Data Protection Officer (DPO)?
67
What are the main data security measures used in your workplace (e.g. password protection, restricted access, encryption)?
68
How do your company’s policies ensure compliance with GDPR and data security requirements?
69
What electronic systems or databases do you use to store and manage project information?
70
How is sensitive client or project data managed within shared digital environments (e.g. SharePoint, BIM platforms, project management portals)?
70
What are the advantages and disadvantages of digital versus paper-based filing systems?
71
What steps do you take to ensure the accuracy and reliability of the data you collect?
72
How does effective data management support wider business operations, such as project delivery or compliance?