Data Management

Question 1

What is the Freedom of Information Act?

Answer 1

UK Legislation that gives individuals the right of access to information held by public bodies

Question 2

What is a Subject Data Request?

Answer 2

A request made by an individual to access the personal data an organisation holds about them under the Data Protection ACT 2018

Question 3

How is your data backed up - is it stored remotely in a cloud?

Answer 3

At Mileway, we use Microsoft One Drive to store our data. OneDrive is a cloud based storage system.

Question 4

What legislation do you adhere to when handling data?

Answer 4

Data Protection Act 2018 and GDPR

Question 5

What are the General Data Protection Regulations?

Answer 5

Sets out seven key principles for how personal data must be handled and protected

Question 6

What is copyright?

Answer 6

A set of exclusive rights granted to the author or creator of any original work, including the right to copy

Question 7

What is intellectual property and can it be transferred?

Answer 7

Refers to the creation of the mind such as reports that are legally protected and can be transferred through assignment or licenced

Question 8

Tell me about the Retention of Files and Limitation Act 1980

Answer 8

File retention is influenced by the Limitation Act 1980, which sets time limits for legal claims. Contract and negligence claims are generally limited to six years, although latent damage claims may arise up to fifteen years after the event

Question 9

What is the Data Protection Act 2018?

Answer 9

Uk legislation that governs how person data is collected, processed, stored and protected.

Question 10

What are the seven principles of GDPR?

Answer 10

• Lawfulness, Fairness and Transparency
• Purpose Limitation
• Data Minimisation
• Accuracy
• Storage Limitation
• Integrity and Confidentiality (Security)
• Accountability

Question 11

What are the 8 individual rights under GDPR?

Answer 11

Right to be:
* Informed
* Access
* Rectification
* Erasure
* Restrict processing
* Data portability
* Object
* Automated decision making and profiling

Question 12

What are the fines for non-compliance with GDPR?

Answer 12

• Policed by the Information Commissioners Office * Up to 4% of global turnover or £17.5m whichever is greater

Question 13

What do you need to do if you have a data breach?

Answer 13

Notify the Information Commissioners Office (ICO) within 72 hours of the breach occuring

Question 14

How do you keep clients information secure?

Answer 14

• Cloud based storage • Password protected documents • Clear desk policy • Lock computer when away from desk

Question 15

How did you verify the reliability of comparable evidence sourced from databases such as CoStar and EGI?

Answer 15

I used the triangulation method, and spoke to the agents who dealt with the transaction to confirm the details held on these data bases.

Question 16

Why was it important to contact agents directly to confirm transaction details, and what key information did you seek to verify?

Answer 16

To ensure that the comparable evidence details were correct, I asked them to confirm the key lease terms.

Question 17

How did you ensure that the comparable evidence you relied upon was truly comparable to the subject property?

Answer 17

By verifying the details

Question 18

What adjustments did you typically consider when analysing comparable lettings or investment transactions?

Answer 18

• Location • Specification • Size • Lease terms

Question 19

Why was it important to ensure compliance with GDPR when handling transactional data, and how did you apply Article 5(1) principles in practice?

Answer 19

To protect individuals’ personal information and ensure it is processed lawfully and securely.
I applied Article 5(1) principles by ensuring data was used:
* For legitimate purposes
* Limited to what was necessary
*Stored securely
* Retained in line with my firms policies

Question 20

How did you analyse arrears data to identify emerging risks to your client’s income stream?

Answer 20

I analysed collection rate stats, to identify where tenants starting to become later with payments.

Question 21

Why was it important to track month-on-month arrears movements rather than reviewing arrears in isolation?

Answer 21

Because this showed trends in time over a specific moment in time

Question 22

What steps did you take to ensure sensitive financial information was handled securely and in line with data protection requirements?

Answer 22

I ensured that the data was held in a password protected file which only the property management and client team could access.

Question 23

How long can you hold client data for?

Answer 23

Typically 6 years or as long as you admiratively need to hold it

Question 24

f you encounter a data breach, how quickly should the data subject be notified?

Answer 24

As soon as possible

Question 25

What are the fines for non-compliance with GDPR?

Answer 25

4% of global turnover or £17.5 million whichever is greater

Question 26

What is the purpose and scope of the Responsible use of artificial intelligence in surveying practice 2026?

Answer 26

Supports AI's potential to advance surveying • Applies to AI outputs with material impact on service delivery • Global conduct standard

Question 27

What does the Responsible use of artificial intelligence in surveying practice 2026 say about practice management for Firms?

Answer 27

Data Governance • System Governance • Risk Management

Question 28

What is an identifiable living individual?

Answer 28

A living individual who can be identified by the data held by a company

Question 29

What is a data controller under GDPR?

Answer 29

Natural or legal person who determines the purpose and means of the processing of personal data

Question 30

What is a processor under GDPR?

Answer 30

Natural or legal person who possesses personal data on behalf of the controller

Question 31

What is ISO 27001?

Answer 31

Governs how a company should adopt a information security management system

Question 32

What guidance does the Professional Standard on Responsible Use of AI in Surveying Practice contain?

Answer 32

* Must be transparent with clients about the extent of which AI is used; * Must maintain professional scepticism about the outputs; * Must carry out a suitability assessment; * Must have good practice management including the use of an AI Risk Register.

Question 33

How frequently should you review your firms AI Risk register?

Answer 33

Quarterly.

Question 34

Why is it important that AI use in surveying is reviewed regularly?

Answer 34

Required under the Professional Standard; AI evolves quickly; AI systems carry greater levels of risk because they are systematic.

Question 35

What processes would you need to setup as an RICS regulated firm using AI?

Answer 35

* Work inline with the professional standard; * Maintain professional scepticism based on having a questioning mentality; * Transparency around the use of AI; * Must carry out a suitability assessment; * Must have good practice management including the use of an AI Risk Register; * Data governance procedures.

Question 36

What factors would you need to consider when using AI to ensure you comply with the RICS rules of conduct?

Answer 36

* Rule 1 - Acting with Honesty and Integrity: AI must be agreed and communicated in advance with clients; * Rule 2 - Acting with Competence & Rule 3 Providing a High Standard of Service: Maintaining professional scepticism and Human Oversight is key; * Rule 4 - Treating Others with Respect & Rule 5 Maintaining Public Confidence: Providing full transparency around the use of AI must be provided to clients.

Question 37

What are the clients' rights to explainability if you are using AI?

Answer 37

Clients may seek to obtain further information about the use of AI by a member or firm: The type of AI being used; The basic ways of working and limitations of the AI; The due diligence carried out before using the AI system; The way relevant risks associated with the use of the AI are identified and managed; The decisions made about the reliability of the output from the AI.

Question 38

What must you included within terms of engagement if using AI?

Answer 38

* When and for what purpose AI is to be used; * When AI will be involved in the delivery of a surveying service; * The parts of the process for delivery of a surveying service in which AI will be involved; * The extent of professional indemnity cover for use of AI systems by the firm; * The internal processes to contest the use of an AI system; * The processes to seek redress if a client feels they have been negatively affected by the use of an AI system; * How a client can out of the use of AI.

Question 39

Can you provide an overview of the Professional Standard on Responsible Use of AI in the Surveying Practice?

Answer 39

Sets the baseline professional standards for members and firms using AI systems in their work.

Question 40

What baseline knowledge must RICS members have before using AI in surveying services?

Answer 40

Types & subsets of AI, how they work, their limitations and failure modes; Risks of erroneous outputs; Inherent risk of bias; Data usage and the risks relevant to AI systems.

Question 41

What is lawful data processing and how do you and your company comply with this?

Answer 41

* Requires personal data to be processed on a valid legal basis, such as contract, legal obligation or legitimate interest, and handled fairly, transparently and securely. I ensure compliance by identifying the lawful basis for processing, issuing privacy notices, minimising data collected, storing it securely, and adhering to company policies and retention requirements.

Question 42

Can you tell me about a recent piece of legislation that relates to Data Management?

Answer 42

Data Use and Access Act 2025

Question 43

What does the Data Use and Access Act 2025 provide?

Answer 43

* Establishing a framework for smart data and digital verification schemes * Data protection law changes in relating to automated decision making and data sharing with public authorities * Amends rules in the use of cookies and tracking The ICO will be replaced by the Information Commission

Question 44

After an individual requests for their personal data to be removed, how quick must this be actioned?

Answer 44

ASAP but within 1 month