Data Management (L3) Flashcards

(202 cards)

1
Q

What is a Data Source?

Examples of Internal and External?

A

The origin or location where data comes from. It is the point of collection that feeds into analysis, reporting, or decision-making.

Internal sources:

  • Lease documents
  • Valuation reports
  • Client databases (CRM, property management systems)

External sources:

  • Land Registry (title info, comparables)
  • VOA (rating data)
2
Q

What are the limitations of primary data sources?

A
  • Time consuming
  • High cost - e.g. hiring inspectors
  • Human error
3
Q

What are the limitations of secondary data sources?

A
  • No control on what is contained in data
  • Lack of confidence: could be wrong and inaccurate - validity
  • Above link to GDPR
4
Q

Why is it important to be careful when accessing data sources?

A
  • Essential to consider the reliability of the source and associated risks;
  • Where possible, verify data against an alternative source through ‘triangulation’
  • High risk links

*Important to know which data you might use in work for different purposes, where it comes from and how reliable it is

5
Q

Why is Data Storage and Security important?

A

Essential that data is kept safe from corruption and that access is suitably controlled to ensure privacy and protection

6
Q

Give me some examples of data security technologies?

A
  1. Disk encryption - encrypt data on secure hard drive disk
  2. Regular back-ups off site
  3. Password protection
  4. Use of anti-virus software protection
  5. Firewalls and disaster recovery procedures

Consider what action is undertaken in your office to ensure the security of data

7
Q

What is a firewall?

A

Computer network security system that restricts internet traffic

8
Q

Give me an example of how you ensure that data is kept securely.

A

- Two factor authentication
- Using data rooms

9
Q

What is intellectual property?

A

Something that is created using your mind, protected by legal rights e.g. patent, copyright

It allows the creator/owner to control use of their work and to benefit commercially from it

10
Q

Can intellectual property be transferred?

A

Yes - Written agreement e.g. contract/assignment

11
Q

What are the Main types of Intellectual Property?

A
  • Copyright
  • Trademarks
  • Patent
  • Design Rights
12
Q

What is copyright?

A

Type of IP: a set of exclusive rights granted to the author or creator of any original work, including the right to copy

These rights can be licensed, assigned or transferred
Protects: literary, artistic, musical, dramatic works, films, software, databases.

Automatic protection (no registration).

13
Q

What are trademarks?

A

  • Protects: brand names, logos, symbols, slogans.
  • Must be registered to be fully enforceable.

14
Q

What is the Data Protection Act 2018?

A
  • The UK’s main data protection legislation.
  • The UK’s implementation of the General Data Protection Regulation (GDPR).
  • Governs how organisations must handle, store, and process personal data, protecting privacy rights of individuals.
15
Q

What is the UK GDPR (2021)?

A
  • Came in when UK left the EU
  • Key principles remain
  • Relates to controllers and processors outside the UK if they are dealing with individuals inside the UK
  • Covers cross-border processing
  • Applies to both controllers and processors
16
Q

When did the DPA 2018 come into force?

What did it come in to achieve?

A

It came into force on 25th May 2018 and replaced the Data Protection Act 1998

  • Act is a complete data protection system so as well as governing personal data covered by GDPR, it covers all other general data as previously covered by the 1998 Act.
17
Q

Does the UK GDPR 2021 override the 2018 DPA?

A

No — it doesn’t override it.
✅ They work together.

Think of UK GDPR as the main framework. After Brexit, the EU GDPR was brought into UK law as the UK GDPR.

DPA 2018 provides the detail, exemptions, and enforcement mechanisms.

18
Q

What are the key provisions/rules of the DPA 2018?

A

1) It incorporates the GDPR into UK law, ensuring data protection rules align with the EU regulations
2) It provides a framework for processing personal data in the UK
3) Covers personal data and sensitive personal data

19
Q

What types of data does the DPA 2018 Cover?

A
  1. Personal Data - info that identifies an individual (directly or indirectly)
  2. Sensitive Personal Data (special category data): Includes data about racial or ethnic origin, religious beliefs, health, sex, genetics
20
Q

What is a Data Subject?

A

A living individual whose personal data is being collected, held or processed.
- An identified or identifiable natural person

This means a person can be:
* Directly identifiable → e.g., by name, ID number, email address.
* Indirectly identifiable → e.g., by combining information such as job title + workplace + date of birth

21
Q

What are the key principles of data processing under DPA 2018?

A

LPDASIA

1) Lawfulness, fairness, transparency
2) Purpose limitation - only collected for specific, legitimate purposes
3) Data minimization - only data necessary for intended purposes
4) Accuracy - kept up to date
5) Storage limitation - minimal time/as long as necessary
6) Integrity + confidentiality - processed securely to prevent unauthorised access
7) Accountability

22
Q

What is SAR?

A

Subject access request

  • Individual demands for info a company holds on them
  • Respond within at least 1 calendar month
23
Q

EXAMPLE: Who is the data processor and data controller for CCTV information?

A
  • Data controller = Client/Landlord - they direct the processor's activities. Define the means and purposes for holding, using and processing the data
  • Data processor = Workman - they will collect, process, store and transmit personal data.
  • Data Sub Processor = A security contractor, RFMs etc. People who view and have access to the data

Data is processed on behalf of controller

24
Q

What is a data controller?

A

Person/entity that determines purpose and means of processing personal data (EG a client/landlord, employer holding employee HR records, university managing student records)

Must comply with principles

25
Who is the Data Protection Officer (DPO) and what is their role?
Responsible for overseeing the data protection approach, strategy & implementation. Needed if an organisation processes large amounts of sensitive data. - These people must comply with data protection principles. Companies are also required to implement:
26
When would an organisation need to appoint a Data Protection Officer (DPO)?
If they process large amounts of sensitive data or perform regular and systematic monitoring of data subjects
27
What would you do if there was a data breach under DPA 2018?
Under the DPA 2018:
  • Report to the Information Commissioner's Office (ICO) within 72 hours
  • Notify affected individuals without delay, IF likely to result in a high risk to their rights/freedoms

If within company I would report to line manager/data protection officer
28
How can a data breach be discovered?
  • Unusual network activity
  • Unauthorised data access attempts
  • Lost equipment
  • Reported thefts
29
What are the penalties under GDPR and data protection act?
Fines reaching up to whichever is higher:
  • 4% of global annual turnover
  • 20m euros (£17.5m)
30
What are exemptions to the Data Protection Act and GDPR?
Some exemptions to the rules apply, these could be for: - National Security - Law enforcement - Journalism - Academic research - Public health
31
What is GDPR?
The General Data Protection Regulation
  • A data protection law that applies to all EU members and aims to give individuals greater control over their personal data, while imposing strict rules on organisations who process that data.
  • It is a complete data protection system that governs personal data covered by GDPR and the previous act
  • Replaced 1995 Data Protection Directive
32
What law did the GDPR replace?
Replaced the 1995 Data Protection Directive and harmonised data protection laws across the EU.
33
When did GDPR come into effect?
EU - 25 May 2018
34
When was GDPR first introduced?
- EU in 2016 (implemented in May 2018 after a transition period) - UK in 2018 under data protection act - UK released own updates in 2021 (UK GDPR)
35
Why Did UK GDPR 2021 come in?
  • The EU GDPR came into force in May 2018. It applied directly in the UK (because we were still an EU member then).
  • Brexit meant EU laws no longer applied automatically, meaning regulations like GDPR would have fallen away, leaving a gap in UK data protection law. To avoid a legal gap, GDPR was “retained” in UK law. The UK government copied EU GDPR into domestic law and renamed it UK GDPR. It sits alongside the Data Protection Act 2018.
36
Who regulates GDPR in the UK?
Information Commissioner's Office
37
Where did the DPA 2018 come from?
- Before 2018, the UK operated under the Data Protection Act 1998. Based on the 1995 EU Data Protection Directive. - Framework was outdated (couldn’t cope with digital economy, big data, AI, cloud computing, etc.). - The EU introduced the General Data Protection Regulation (GDPR) in May 2018. As an EU member at the time, the UK had to adopt GDPR.
38
How did GDPR tighten up the former DPA 1998?
- Gave individuals greater control over personal data (e.g. right to be forgotten, right to data portability). - Harsher penalties for non-compliance — up to £17.5 million or 4% of annual global turnover, whichever is higher. - Introduced a duty to report data breaches to the ICO within 72 hours. - Certain organisations (public bodies/those processing large volumes of data) must appoint a Data Protection Officer (DPO)
39
What is the difference between the UK Data Protection Act and the rules of GDPR?
GDPR: - EU-wide data protection regulation (now UK GDPR post-Brexit). - Sets core principles, rights, and obligations for handling personal data. UK Data Protection Act 2018: - UK law that supplements the UK GDPR. - Adds national exemptions and rules (e.g. for law enforcement, intelligence). - Gives the ICO powers to enforce data protection.
40
What are the key principles of GDPR?
LPDASIA

1) Lawfulness, fairness and transparency
2) Purpose limitation - specified and explicit
3) Storage limitation - should only be kept as long as necessary
4) Data minimization - only necessary data
5) Accuracy - up to date
6) Integrity and confidentiality - processed securely to prevent unauthorised access
7) Accountability - data controllers demonstrate compliance with GDPR principles

ARTICLE 5(1) AND (2)
41
What are the individual rights under GDPR and the data protection act?
1) Right to be informed --> collection/use of personal data
2) Right to access --> to their personal data + request free copy
3) Right to rectification --> request corrections to data
4) Right to erasure --> 'to be forgotten'/deletion of data when no longer required
5) Right to restrict processing
6) Right to data portability --> obtain and reuse data across services
7) Right to object --> to processing of personal data, such as marketing
8) Rights related to automated decision making and profiling --> right to request human intervention
42
What are the key obligations for organisations under GDPR?
1) Must have data controller and data processor - both must implement appropriate technical and organisational measures
2) Data Protection by design and default - integrate DP into business practices
3) Data Protection Impact Assessments (DPIAs) - required for processing activities
4) May require DPO if processing large amounts of sensitive information (also oversee compliance with GDPR)
5) Breach notification/process --> when breach occurs
43
What is a Data Protection Impact Assessment (DPIA)?
A process to identify, assess and minimise risks to individuals’ personal data when undertaking high-risk data processing. It’s a requirement under UK GDPR for certain activities
44
What is the purpose of GDPR and DPA?
Governs how personal data should be processed + protects rights of individuals
45
How do you comply with GDPR in your role?
  • Report breaches to the DPO, who will then escalate to the ICO if high risk
  • Do not give out personal info
  • Keep records of data consent
  • Ensure info held is in line with GDPR
  • Data Purges
46
Why was GDPR introduced?
To consolidate EU 2018 data laws and provide greater protection/rights to individuals
47
What is within the RICS guidance for GDPR compliance?
- Document purposes of holding information - Keep record of consent for processing, storage and retention - Check if you have contract for info
48
How long can you hold data for?
No specified time period - as per the GDPR principle, data should be kept as long as necessary for processing purposes
49
How do you practice handling and managing data in line with GDPR at Workman?
- We have a compliance team and a compliance officer - Training provided ie. Cyber training on how to be safe online - IT controls on client data, opt in distribution lists etc.
50
What is the difference between the Data Protection Act and GDPR?
The Data Protection Act enacts GDPR into UK law
51
What things must companies put in place to ensure GDPR Compliance?
- Privacy notice informing employees and clients about how their personal data will be used - Training for employees on how to process personal / important data - Risk assessments for data processing activities - Firewalls / password changes / encryption etc.
52
Who are the key persons outlined within GDPR?
  • DPO: Data protection officer - used when large amounts of sensitive data are being processed
  • Data controller: determines the purpose and means of processing of personal data
  • Data processor: processes the personal data on behalf of controller, e.g. contractor
53
How do you / your firm ensure compliance with GDPR?
- Our PM systems utilise personal data to link managers to their properties. - In line with the principles of GDPR, my firm requires us to add information in a secure way, using protected forms. - We also remove the information as soon as possible, in line with the data minimisation / storage limitation principles. Every 6 months there is a company-wide check of all properties and inactive managers are removed.
54
What is the Freedom of Information Act and when did it come into force?
IN THE UK --> Right for anyone to request public access to info held by a public body/authority.
  • Promotes transparency and accountability by allowing public to request information.
  • Public body required to provide within 20 working days (fee can be charged)
  • Introduced 30th Nov 2000
55
What are the exemptions to the Freedom of Information Act?
1) Absolute Exemptions (info that doesn't need to be disclosed) --> E.g. national security, court records, parliamentary privilege, personal data protected under the DPA 2018.
2) Qualified Exemptions: Info that may be withheld if the public interest in maintaining the exemption outweighs the public interest in disclosure. --> E.g. law enforcement, H&S etc
56
How much does it cost to submit a freedom of information request?
- Can be £0 - Limit is £450 for public authorities - Limit is £600 for central government
57
If you are working for a public sector client, and you receive a FOI request about a valuation you’ve prepared, what would you do?
  • I would not release the information myself.
  • I would advise my client, who as the public authority is responsible for handling the request.
  • I would flag potential exemptions, such as commercial sensitivity or personal data, but the decision lies with the authority.
58
What is Privacy and Electronic Communications (EC Directive) Regulations 2003?
- PECR = Privacy and Electronic Communications (EC Directive) Regulations 2003. - Sits alongside UK GDPR & DPA 2018 → applies specifically to electronic communications.
59
How does the PECR 2003 relate to UK GDPR & DPA 2018?
UK regulations that sit alongside the Data Protection Act 2018 and UK GDPR. They give people specific privacy rights in relation to electronic communications. Purpose: - To regulate how organisations can use electronic communications for marketing, cookies, and network security.
60
What is the Land Registry Act 2002?
- Framework to ensure possibility of transferring and creating registered land interests electronically - Aims to get all freehold land in England and Wales registered by 2030 - Any sale/lease over 7 years, or mortgage must be registered with HM Land Registry
61
What are the Key areas covered in the Privacy and Electronic Communications Regulations 2003 (PECR)?
1. Electronic Marketing- Rules for emails, texts, calls, faxes. Consent usually required (opt-in), but “soft opt-in” allowed for existing customers. 2. Cookies & Tracking - Websites/apps must tell users, explain purpose, and get consent before using cookies 3. Security of Communications Services - Telecoms/ISPs must keep services secure. 4. Customer Privacy- Confidentiality of communications (no unlawful interception). Rules on caller line ID and location data.
62
What is the Retention of files and Limitation Act 1980?
Sets out how long business should keep documents for.
  • States legal action must be brought within 6 years of issue arising.
  • 12 years: Deeds and certain property-related claims
  • Ensures surveyors are aware that claims for breach of lease obligations, defects, or valuation disputes may be barred after a certain time.
63
How long does the RICS advise to hold data for?
15 years - The Limitation Act 1980 long stop date
64
What is the Limitation Act 1980?
The Limitation Act 1980 is a UK law that sets out the statutory time limits (known as “limitation periods”) within which legal claims can be brought in England & Wales.
65
What is a Deed? Example?
- Legal document transferring or creating property rights. - Evidence of a transaction (sale, transfer, lease). Example: Transfer deed for a house sale
66
What is a Registered title? Example?
- Official Land Registry record of ownership. - Proof of legal ownership and interests. Example: Land Registry shows buyer as owner.
67
What is the difference between a deed and a registered title?
  • Deed = Legal document that formally transfers legal ownership
  • Registered Title = concept of giving right to own electronically

Title takes precedence (it is what the public uses)

💡 Tip: Deed = the document; Registered title = the official ownership record
68
What is an Index Map?
A large-scale map used to show the location and boundaries of a property or land parcel. It is usually referenced in deeds, conveyances, or registered titles to identify the land being transferred or leased
69
What are the Key features of Index maps?
- Shows plot boundaries, adjoining land, and reference numbers. - Acts as a visual reference to legal documents (e.g., a deed or lease). - Used in Land Registry and property records to link physical land to legal ownership.
70
How would you source title information?
1. Land Registry (Registered Titles)- Official record of ownership, easements, covenants. Searched via HM Land Registry. 2. Deeds (Unregistered Land)- Historical documents showing transfers, leases, or legal rights. Typically stored at solicitors’ offices or archives. 3. Title Plans/Index Maps. Show location and boundaries of property. Often included with deeds or Land Registry entries. 4. Official Searches & Enquiries- Local authority searches for planning restrictions, rights of way.
71
What are CPSEs?
Commercial Property Standard Enquiries

A standardised set of questions used by surveyors, purchasers, or prospective tenants to obtain essential information about a commercial property before acquisition, lease, or investment.
72
What is the benefit of CPSEs?
They are designed to save time, reduce risk, and improve transparency in commercial property transactions.
73
Give me some examples of what the different types of CPSEs are used for?
  • CPSE.1 (General pre-contract enquiries) - Freehold, Purchases, New Lease
  • CPSE.2 - Sale or Purchase of leasehold properties
  • CPSE.3 - Grant of a new lease
  • CPSE.4 - Assignment
  • CPSE.5 - Surrenders
74
Which CPSE would you use for a lease assignment?
CPSE.4 is the standard form used for the assignment of an existing lease. It focuses on issues such as whether landlord’s consent is required, any arrears of rent or service charge, whether there are disputes under the lease, and details of alterations or break clauses
75
When might a data room be used?
- Used in sales, leases, or refinancing → for due diligence. - Key for property sales.
76
What are the benefits of a data room?
- Efficiency – all documents in one place, easy remote access. - Security – controlled access, encryption, audit trails. - Transparency – everyone sees the same up-to-date info. - Cost & Time Saving – no printing/couriers, faster due diligence. - Auditability – clear record of what was shared and when.
77
Explain the growing use of AVMs in the industry
1. Speed & Efficiency- Provide instant property valuations without manual inspection. 2. Cost-Effectiveness- Reduce the need for traditional surveyor input for every valuation. 3. Data-Driven Decision Making- Banks, lenders, and insurers use AVMs to assess risk and lending limits. Helps property investors analyze portfolios and market trends. 4. Integration with Digital Platforms- linked with BIM, GIS, and property databases for richer insights.
78
How do Workman manage and protect data?
- Keep documents secured – EFS files - Have annual audits carried out - Usually, Workman/landlord are data controller, and the contractor is the processor - DPO to contact with any queries - All about getting consent for marketing, taking photos of individuals, displaying cleaner/security certificates etc - ISO9001 – Protects documents relating to their business - ISO27001 - protect sensitive information systematically and manage risks related to data breaches or cyber threats
79
How do Workman Ensure GDPR compliance?
- Raise awareness across the business - Audit all personal data - Update privacy notice - Review procedures supporting individuals’ rights - Identify and document legal basis for processing personal data - Annual GDPR training
80
How do Workman practise handling/ managing data in line with GDPR?
- We have a compliance team and a compliance officer - Training provided ie. Cyber training on how to be safe online - IT controls on client data, opt in distribution lists etc.
81
Where does Workman store data?
On the cloud, which is stored in data centres within the UK.
82
Does your firm have a privacy notice? What is included?
- Yes - it is on the website - It identifies the data controller - Shows what data is held, Outlines uses for data, Outline how long you hold data for - Outlines the data rights - Cookies used etc
83
Disadvantages of Workman Management Systems?
  1. Updates to ensure strong encryption and firewall --> Downtime
  2. Always security risk
  3. Dependent on internet connections (tech). If not, their data can’t be accessed
84
How do you comply with GDPR in your role?
- Report breaches - Do not give out personal info - Keep records of data consent - Ensure info held is in line with GDPR - Data Accuracy - ensure records are accurate and kept up to date (e.g. updating tenant contact details when notified).
85
What is the use of Horizon/Tramps and Meridian?
  • Tramps --> Client reporting, sending tenant invoices, Accounting figures for budget, Legal documentation, Password protected - change every month
  • Meridian --> Actioning health and safety queries / documentation, Prop inspection report
86
How do you handle Confidential Information in a lease assignment (in line with GDPR principles)?
1) Secure Collection - Documents are submitted via password-protected, encrypted email.
2) Restricted Access - Only the responsible surveyor and legal team can view the information. Only certain people copied into email.
3) Purpose-Limited Use - Information is used solely to assess the assignee’s financial strength and advise the landlord.
4) Secure Storage - Digital files stored on EFS within the relevant property.
5) Data Minimization - Only necessary information is extracted for reports; irrelevant details are not retained. When reporting to the client, I summarise findings rather than sharing raw data unnecessarily.
6) Disposal & Compliance - After the assignment process, confidential files are securely deleted or shredded.
87
If you come across a data breach, what is the process?
  • Notify affected individuals without delay
  • Report to Information Commissioner's Office within 72 hours
  • If within company I would report to line manager/data protection officer
88
How do you protect Electronic Data from Viruses?
  1. Antivirus & Anti-Malware Software - Install programs and keep updated. Regularly scan devices for threats.
  2. Firewalls - Use hardware or software firewalls to block unauthorized access.
  3. Regular Software Updates - Keep operating systems and applications patched to fix vulnerabilities.
  4. Email & Download Security - Avoid opening suspicious attachments. Verify sources before downloading files.
  5. Data Backups - Maintain regular backups to recover files if infected. Store backups offline/in secure cloud storage
89
What is ISO9001?
Sets out requirements for how firms should control data + documents relating to their business
90
What are the differences between manual and electronic records?
  • Electronic = stored online on file system and can read multiple at once
  • Manual = Physical storage and harder to locate
91
What is the purpose of GDPR and data protection act?
Governs how personal data should be processed + protects rights of individuals
92
Can you give me some examples of reports that you run?
  • Arrears report
  • Tenancy schedules
  • Service charge analysis
93
What is the right to be forgotten?
The right for individuals to have their personal data erased if no longer required or if data processed unlawfully
94
What is an electronic document management system?
Software that centrally stores and organises documentation. E.g. Workman EFS
95
How is data managed on the Tramps (Horizon + Sharepoint) platform?
- Collaboration and sharing between different teams within businesses (and between business) - Only authorised users can access certain files - Audit trails document activity - Documents held via the cloud - Double factor authentication to get into the site
96
What is hard and soft data?
  • Hard - quantifiable, numerical facts
  • Soft - not measurable - e.g. opinions
97
Explain your use of Horizon/Tramps and Meridian?
Tramps
  • Client reporting
  • Sending tenant invoices
  • Accounting figures for budget
  • Legal documentation
  • Password protected - change every month

Meridian
  • Actioning health and safety queries / documentation
  • Prop inspection reports
98
RICS best practice points for complying with GDPR?
- Conduct data review - Anonymise data where possible - Encrypt everything where possible - Treat commercial data same as personal data, even though not covered by GDPR
99
What are the benefits of the cloud?
- Env friendly - less space - Speed - Accessibility managed via online settings - Collaboration - Information backed up securely on encrypted servers - Multiple users can access the same documents
100
When you downloaded the tenants account history reports, how do you ensure that these are stored safely?
Stored on electronic filing system (EFS), this is my firm's encrypted filing system. I ensured these were saved under the property-specific folder
101
How did you ensure that the folder you set up on your system for the sale ensured data safety principles were met?
1) Picked SharePoint as the data room provider - Ensured encryption and password entry
2) Add users - Set boundaries
3) Set permissions for users
4) Add documents and files - These can be downloaded to local internet networks
102
What does TRAMPS stand for?
Trace Microcomputer Property System
103
What is ISO27001?
Set of requirements for defining, implementing, operating, and improving an Information Security Management System (ISMS) - Proves to customers that it safeguards their data
104
What do ISO27001 users have privilege for?
Privileged accounts may access important data or systems or exercise administrative powers. - It is important to secure privileged accounts to prevent unauthorized use. - Accessing sensitive data
105
How do you ensure compliance with the Data Protection Act 2018 and UK GDPR?
- Process data lawfully and fairly for its intended purpose. - Obtain consent where necessary. - Secure personal and financial information through password protection and restricted access. - Keep records of processing and retention periods. - Report breaches promptly according to company procedures.
106
What systems do you use for data management?
Accounting systems: Tramps and Horizon for financial records, tenant accounts, and service charge management. Health & Safety systems: Vantify and Meridian for tracking inspections, risk assessments, and H&S compliance.
107
How do you maintain data accuracy in these systems?
- Regular audits and reconciliations of financial data. - Cross-checking property information with lease documents and inspection reports. - Ensuring all entries are updated promptly when changes occur.
108
What have you learned from managing property and client data?
- Effective data management reduces errors, improves efficiency, and supports compliance. - Regular training and system familiarity enhance accuracy and security. - Cross-referencing multiple systems ensures consistency across financial, property, and H&S records.
109
What are Vantify and Meridian?
A H&S management system used to track, manage, and report on inspections, risk assessments, and compliance actions. Helps ensure H&S obligations are monitored and met.
110
What are Tramps and Horizon?
A property and financial management system used to manage tenant accounts, service charges, rent collection, and financial reporting
111
What is the impact and importance of GDPR?
  • Significantly impacted how organisations worldwide handle personal data, driving greater respect/accountability for individual privacy rights.
  • Set a high standard for data protection
  • It is essential for any organisation processing personal data of EU Citizens, regardless of location
112
What is the public interest test?
Decides under a qualified exemption if it is in the public interest to publish the data
113
What is a publication scheme?
A guide that a public authority must produce under the Freedom of Information Act 2000 (FOIA). - Where public authorities are required to proactively publish certain info through a publication scheme. - schemes must be approved by ICO and intend to make more info available, without specific requests.
114
What is the impact/importance of the Freedom of Information Act (2000)?
- Transparency and accountability --> providing a mechanism for public scrutiny - Public participation --> enables citizens to participate more effectively in decision-making processes - Press and research --> frequently make and use FOIA requests.
115
What other steps should be taken when erasing personal data?
Ensure erasure from back-up systems as well as live systems
116
How quickly do you need to delete personal data if someone requests this?
Within a month - 30 days
117
What information is stored electronically in your firm?
- Property related information - Client information – names, contact details - General admin – fee invoices, staff contracts
118
What information is stored hard copy in your office?
Older leases and property files
119
What would you do if a piece of land is unregistered?
In this instance, proof of ownership is by production of a deed which sets out information about the ownership and the property details. - Check if it should be registered – registration is compulsory on sale, transfer, lease over 7 years, assignment of such a lease, or first legal mortgage. If none have occurred, it may remain unregistered. - Obtain the title deeds – these are the only proof of ownership. - Carry out extra due diligence – site inspection and local searches, as Land Registry guarantees don’t apply.
120
What are title documents?
A copy of the original register of title that the land registry can provide (a title plan and title register) detailing: - Owner - Address of owner - Tenure - Price paid (if sold since April 2000) - The boundaries - Any rights of way or restrictions & covenants on the land noted on the register
121
What is a Non-disclosure agreement? Why might you use it?
An agreement in which the parties agree not to disclose the information covered by the agreement. With parties involved in a potential transaction, if it is of a sensitive nature.
122
What are examples of data security threats?
- Phishing and Whaling - Hacking - Loss or theft of equipment - Insider threat - an employee causes a data breach (can be mistaken or malicious)
123
When would RICS investigate a social media post online?
- One that adversely impacts public confidence and trust in the profession. This includes posts that: - are discriminatory, dishonest, abusive or threatening - bully or harass other people
124
What is primary vs secondary data?
- Primary = Data collected for the first time by the researcher to meet a specific, current need. - Secondary = Data that already exists and was collected by someone else for a different purpose
125
What is the request called when someone wants information about themselves?
Subject Access Request (SAR). ICO have 30 days to respond.
126
What would you do if you lost a management/confidential report on the way to site?
- I would be open and honest with the client - I would inform my line manager, and because it was high risk, I would inform the DPO at my company - Inform the individual asap - They would then handle it
127
Can you tell me how CCTV relates to GDPR and the principles that underpin it?
- Data transparency - Lawful/fair - Purpose limitation - requires personal data to be collected - Storage limitation - Only retained for time period - Secured against unauthorised access - data controller etc
128
What would you do if someone wanted to review the CCTV footage at Holborn/Lewisham/Guildford?
1) Request received 2) Check with data protection officer 3) Notify police (if required) 4) Ask subject to complete SAR whilst awaiting advice from data protection officer
129
What do the GDPR regulations say about CCTV?
- Reason for surveillance - Consider privacy - access/detecting incidents/audit - Policies and procedures - what to be recorded/who can view/how long to retain - Regular reviews - updated system/cameras added/removed - Accountability - Named person (IT team - Data Controller + data protection officer) - Need to pay data protection fee to ICO - Register with ICO as CCTV operator - Complete a data privacy impact assessment with ICO
130
What is Article 6 of GDPR?
- Outlines the lawful bases required for any processing of personal data, meaning data processors must have one of these legal grounds to proceed. - The six bases are: consent, contract, legal obligation, vital interests, public task, and legitimate interests. - Without one of these bases, processing personal data is not permitted
131
What does blockchain mean?
Shared ledger system that facilitates the process of recording transactions across a computer network
132
How do you extract data in your role?
1. SharePoint - extract tenant lease information from the property management database to prepare valuation reports and lease reviews. 2. Horizon – Tenant rent information, service charge/rent invoices etc
133
What are Automated Valuation Models (AVMs)?
Computerized systems that estimate property values using algorithms, statistical models, and available data (sales, rents, property attributes, market trends).
134
What is Building Information Modelling (BIM) and how can it be used?
A process supported by digital tools that enables stakeholders (surveyors, contractors, and owners) to create, manage, and exchange information about a building in a coordinated way. - Generate and manage digital representations of elements of a building e.g. project planning and historic preservation
135
What is a Data Room?
A centralised secure location (physical or digital) where all relevant documents, records, and data relating to a property are stored for review by authorised parties. - Share sensitive docs, controlled access and relevant docs (in line with GDPR/DPA)
136
What are the rights of access under GDPR?
Individuals have right to access their personal data and supplementary information - can request copy of data free of charge
137
What are special provisions around DPA/GDPR?
1. Children’s data - merits special protection. UK GDPR sets 13 as the minimum age for a child to consent to online services (with parental consent required below this). 2. International data transfers - when personal data is sent outside the UK, the law steps in because not all countries have the same level of protection.
138
What is a Data processor?
Processes data on behalf of the controller (sometimes known as a third party, e.g. a cloud IT company)
139
What are the rights of individual Data Subjects? (Under GDPR/DPA)
1. Right to be informed 2. Right of access: access their own personal data 3. Right to rectification: request corrections 4. Right to erasure: to be forgotten 5. Right to restrict processing: limitations of data 6. Right to data portability: obtain & reuse personal data across different services 7. Right to object 8. Rights related to automated decision making and profiling
140
How is data managed and protected in your firm?
- Consistent password changes (every 30 days) - Microsoft Authentication - Firewalls - EFS encryption - Consistent data purges - Regular training on how to protect data
141
How often do you update your management systems?
Vantify/Meridian: - Ongoing Actions at site --> at least once every fortnight - Key documents have a red, amber, green dependent on high-risk/importance. These are completed dependent on when they're due (most yearly) - Inspection reports: usually 6 monthly. Accounting Management Systems (Horizon etc): - Updated when there is a lease renewal/expiry - New charges, arrears due. There are often data purges throughout the company.
142
What systems do you use for data management?
Accounting systems: Tramps and Horizon for financial records, tenant accounts, and service charge management. Health & Safety systems: Vantify and Meridian for tracking inspections, risk assessments, and H&S compliance.
143
How do you check the accuracy of the health and safety reports?
- Review the document thoroughly - ensure all areas/points have been covered - Confirm compliance: Check against legislation, RICS guidance, and internal policies. - Send them to the RFM to review - We make sure they are carried out by safe approval contractors
144
What action points do you review – give an example of an ‘action point’?
Action points --> tasks/remedial measures identified to reduce risk, ensure compliance, or address issues highlighted in inspections or audits. Examples are: - Faults with lifts following inspection - Remedial task- repair loose tile, uneven walkway, redecoration - Emergency Equipment: service fire extinguishers, something expired
145
What information goes into a data input form? (DI FORM)
A data input form is used for any changes at a property. For example: - Changes in registered address - Lease Renewal/Expiry - Break Dates - Rent Free periods - For new properties
146
How do you verify accuracy on Horizon / TRAMPS?
- Check against the lease, held on SharePoint - TRAMPS/Horizon information comes directly from the lease. - ALWAYS CHECK LEASE
147
Tell us more about the EFS?
- Software that centrally stores and organises documentation. E.g. Workman EFS - This is Workman's encrypted filing system. - I ensure files are always saved under the correct property. - It provides Secure Storage - Digital files stored on EFS within the relevant property.
148
Where is the EFS ‘stored’?
It is stored within the files on our computer. It is a network location - online cloud.
149
Do you have a back up for the EFS?
- We have client management systems too which also hold the same information (SecureDocs, Sharepoint etc) - Regular Automated Backups: Daily or weekly backups to a secure server or cloud storage. - Version Control: Retain multiple versions so previous data can be restored if needed. - Testing: Periodically test backups to ensure data can be recovered correctly. - Access Controls: Only authorized personnel can access or restore the backups.
150
What is TRAMPS?
Computerised property management system (PMS) used to manage, track, and report on various aspects of property operations. It’s particularly common in UK commercial property portfolios. Key Features of TRAMPS - Lease Management: Tracks lease terms, rent reviews, expiries, and options. - Financial Reporting: Produces reports for clients on rent roll, service charges, and arrears. - Reporting (Tenancy schedules)
151
Give me an example of when you have used a data input form?
- New Lease: Oryx Align or Myriad at Cornhill. - Use it all the time.
152
Can you tell me about how you extract data from a source regularly used in your role?
Horizon 1) Encrypted login 2) Search up property on system - go to data source needed e.g. invoice Sharepoint/SecureDocs: - Double authentication - Client management systems
153
Explain how the H&S updates you make, ensure you can monitor compliance on Meridian/Vantify?
- Time stamped record of actions completed and comments made - See when risk assessments run out - Instruct - Notified to make updates fortnightly. - Green, amber, red - Action tracking system
154
How is data managed on the Tramps (Horizon + Sharepoint) platform?
- Collaboration and sharing between different teams within businesses (and between businesses) - Only authorised users can access certain files - Audit trails document activity - Documents held via the cloud
155
Where do Workman store their data?
On the cloud, which is stored in data centres within the UK.
156
In your experience, is it better to store data on Workman or Client data systems, why?
- Conscious some clients are larger institutional funds handling commercially sensitive data and have own requirements and systems - If using client system - ensure firewall to connect secure locations - If using Workman system - be aware of client requirements RE password protection, access, location
157
Which RICS Rules of Conduct/ professional standards did you consider when handling sensitive information?
- I followed the RICS Rules of Conduct on acting with integrity, competence, and in the client’s best interests while also ensuring compliance with the law (GDPR). - I also adhered to professional statements on client money and service charges, ensuring data was accurate, transparent, and not misleading.
158
Can you pass over tenant names when assigning arrears on a sale?
You can when assigning arrears, but only where it is: - Necessary for the purchaser to manage the property post-sale (GDPR “legitimate interest” basis). - Limited to what is required – e.g. tenant name, arrears balance, lease reference, contact details for rent collection. DO NOT PROVIDE PERSONAL ADDRESSES, BANK DETAILS ETC - Transferred securely (e.g. encrypted email or secure data room).
159
What are CPSEs used for?
- Selling property - New lettings - Assignments. CPSE 1-3 - New lease. CPSE 2 - Sale. CPSE 4 - Assignment. CPSE always used, in addition to another relevant one…
160
Disadvantages of Workman Management Systems?
1. Updates to ensure strong encryption and firewall --> Downtime 2. Always a security risk 3. Dependent on internet connections (tech). If not, their data can’t be accessed
161
Tell me about another example of something you have advised on following a monthly meeting?
- Upcoming lease expiry at Moorgate (outside of 1954 Act), asking them their plans - Collecting large arrears, e.g. D A Solutions, Cornhill, advising how to resolve the issue.
162
What is a property manager's responsibility when managing a vacant building?
- Insurance - Repairs - EPC (and consider MEES) - Inspections - insurance purposes (FORTNIGHTLY) - Inform council - rates - Security - Maintain landscaping / asbestos - Undertake a health and safety and fire risk assessment of the building
163
What are the different types of rates relief available?
- Small Business Rates Relief (SBRR): Full or tapered relief if RV ≤ £15,000; only for single/main property. - Empty Property Relief: First 3 months (6 months industrial); after that, full rates payable. - Charitable / CASC Relief: Mandatory 80%, discretionary up to 100% for charitable use. - Rural Rate Relief: Up to 100% for qualifying rural properties.
164
Are rates mitigation strategies considered ethical under RICS?
Permitted: - Strategies must be legal, transparent, and not misleading. - E.g. genuine short-term lettings or occupation by property guardians. Not Permitted: - Artificial arrangements that are sham occupations (e.g. putting a token amount of furniture in a building to claim “occupation”). - Anything that could be viewed as tax evasion or misrepresentation. - Breaching the RICS Rules of Conduct: act with integrity, avoid misleading, and uphold public confidence.
165
Do Workman have a privacy notice?
YES - identifies Workman as a data controller Shows what data is held (not kept for longer than necessary), uses for data and how long data can be held, rights of data subjects etc
166
Tell me how you extract data in your role?
- Horizon - lease/invoice/rental information - Encrypted login - Pull data off of data rooms - Sharepoint - lease information - Search up properties on managed systems
167
Tell me how you comply with GDPR in your role?
- Report breaches - Do not give out personal info - Keep records of data consent - Ensure info held is in line with GDPR - Data Accuracy - ensure records are accurate and kept up to date (e.g. updating tenant contact details when notified).
168
Give me an example of when you have complied with GDPR in your role?
Lombard Sale - Used a data room: - Set permissions for users - Access Controls: Shared data only with authorised parties (client, solicitors, and instructed agents). - GDPR Compliance: Ensured handling was consistent with GDPR, only sharing information necessary for the transaction. - CPSEs were contained within the data room
169
How does your use of TRAMPS, Horizon and Meridian uphold GDPR?
- Password protected - Double-factor authentication - Password changed every month
170
Tell me about a time you processed and handled confidential information?
Lease Assignment at Unit 7 Wanstead (case study) 1) Secure collection - documents submitted to a data room 2) Restricted access - only responsible surveyor/legal team could view info 3) Purpose-limited use - Information is used solely to assess assignee financial strength and provide landlord recommendation 4) Secure storage - all relevant info stored in our EFS after assignment was completed (lease info) 5) Disposal & compliance - after the assignment, all confidential files were deleted (that were no longer required)
171
Workman's data breach process?
- Notify affected individuals without delay - Report to ICO via DPO within 72 Hours - If an internal issue, report to line manager, DPO immediately.
172
How do you protect Electronic Data from Viruses?
1. Antivirus & Anti-Malware Software 2. Firewalls 3. Regular Software Updates 4. Email & Download Security 5. Data Backups 6. Regular training to ensure awareness.
173
What risks could arise from poor data management in your reporting, and how do you mitigate them?
- Lead to inaccurate arrears reporting, missed lease events, or incorrect tenancy information, - Also not redacting info about tenants/props etc - Which could expose the client to financial loss or reputational risk. Therefore: - Ensure rigorous cross-checking, use our internal filing system/ management systems for latest version control - Always clarify discrepancies with the rest of the PMs before sharing.
174
Can you confirm how data from your examples are stored under the regulations?
In line with GDPR principles
175
Which records are manually kept in your office and why?
Financial records e.g. invoices and receipts - Low risk of data loss and provide an audit trail
176
What is an electronic document management system?
Software that centrally stores and organises documentation. E.g. Workman EFS
177
Can you give me some examples of data held by surveying practices covered under GDPR?
- Emails/correspondence - Contact details of tenants, clients etc - Demographic, personal information - Customer data held for marketing - Data to help service a client (accounting info)
178
Explain how H&S updates you make ensure you can monitor compliance on Meridian?
- Time stamped record of actions completed and comments made - See when risk assessments run out - Instruct Green, amber, red - Action tracking system
179
What are RICS best practice points for complying with GDPR?
- Conduct data review - Anonymise data where possible - Encrypt everything where possible - Treat commercial data same as personal data, even though not covered by GDPR
180
When you downloaded tenants account history reports/arrears information for your monthly portfolio meetings, how do you ensure that these are stored safely?
- Stored on the electronic filing system (EFS), this is my firm's encrypted filing system. I ensured these were saved under the property-specific folder
181
When sending out the London Office Monthly reports, how do you ensure this is secure?
- I use secure email transfer, and any unnecessary personal information is excluded. - I only include relevant recipients in the email. - Workman uses ISO27000 - helps encryption during transmission, ensures access control - Avoid including unnecessary personal data.
182
How often are Fire Risk Assessments reviewed and required?
- Typically reviewed annually or when significant changes occur in the building or its use - New assessment every 3-5 years
183
What is included in General Risk Assessments?
- Identify hazards. - Decide who might be harmed and how. - Assess risk (likelihood × severity). - Record and implement control measures. - Assign responsibility and set review dates
184
How often are General Risk Assessments reviewed and required?
- Typically reviewed annually or when significant changes occur in the building or its use - New assessment every 3-5 years
185
Tell me what is included in asbestos reports/surveys?
- Survey details & summary. - Register of ACMs (location, type, condition). - Risk assessment (likelihood of fibre release). - Photos/plans. - Recommendations (manage, encapsulate, or remove).
186
How often are asbestos re-inspection reports required?
- The asbestos register must be kept up to date. - It should be reviewed at least every 12 months. - A new survey/report is required if there are significant changes (e.g. refurbishment, demolition, or suspected disturbance of ACMs).
187
Tell me an example of where you have had an issue/incident with asbestos?
- Warwick House - Getting works done in basement plantroom, and M&E contractors reported potential disturbed asbestos. - Therefore, we requested immediate sealed off/isolation of the affected area. Put up signage etc - Notify the dutyholder/RFM/H&S team straight away. - We then engaged the licensed asbestos contractor to inspect, test, and safely remediate. - They confirmed it was OK, resealed it, made safe and didn't need to be removed.
188
What types of H&S documents do you commonly manage, and how do you handle them?
- Manage fire risk assessments, general risk assessments, and asbestos reports. - Upload them into the relevant system (Vantify etc), and log any action points for follow-up by the property management team or contractors.
189
Why is accurate data management important in health and safety compliance?
- Ensures statutory compliance - Reduces risk to tenants and visitors - Protects the client from enforcement action or reputational damage. - Errors or delays in updating systems could result in missed actions, exposing the client to liability.
190
Which RICS or legal requirements guide your approach to managing these records?
- I comply with the RICS Rules of Conduct around providing a high standard of service and acting in the client’s best interests. - Also ensure compliance with the Health and Safety at Work etc. Act 1974 and the Management of Health and Safety at Work Regulations 1999, which require dutyholders to manage/monitor risk through proper record-keeping
191
How do you ensure the accuracy of the data you input?
- I verify details against the signed lease when completing the form. - Once completed, I double-check key fields such as rent commencement, review dates, and break clauses. - I then sign off the form before my line manager checks - Then checked again by the data input team, who process documents.
192
Why is it important to store critical lease documents on the Electronic Filing System (EFS)?
- EFS provides a secure and centralised system for all important documents. - Ensures version control, allows quick access in emergencies - Supports compliance by making sure client and tenant information is stored in line with GDPR and firm policies
193
Tell me some risks that could arise from poor data management in lease event recording?
- Errors could lead to missed rent reviews, - Unnoticed break dates - Incorrect billing These could cause financial loss and reputational damage to the client.
194
How do you ensure internal management systems remain accurate following a disposal, such as Lombard Sale?
- Complete data input forms to update Horizon/TRAMPS - Remove the asset from arrears reporting - Confirm the disposal is recorded. - We have a post-sale obligations checklist to adhere to
195
Why are Change of Tenancy (COT) forms important when managing disposals?
- COT forms ensure utility and supplier accounts are terminated or transferred correctly. This prevents ongoing liability for the client and ensures a smooth handover to the new owner.
196
What does RICS Professional Standard: Service Charges in Commercial Property (2018) 1st Edition, (Effective April 2019, reissued 2023 as PS), say about sales?
Appendix D - commercial property handover - Reconcile any outstanding closed service charge years. - Transfer any SC credit balance. - Recover arrears/shortfalls, confirming whether buyer or seller can pursue. - Provide buyer/managing agent with full service charge records for continuity. - Provide property financial information
197
How do you ensure data quality and integrity in large datasets?
- Validate data on entry to ensure accuracy, completeness, and correct formatting. - Perform regular checks and audits to identify errors, duplicates, or anomalies. - Implement version control and maintain a clear audit trail of changes.
198
For your managed properties, who is the data controller and who is the data processor?
Data Controller - The landlord Data Processor - Workman/Us
199
If you needed to review CCTV, are you able to?
- You can if you are on the list of those authorised to do so. - If not, you can speak to the DPO to request access and gain the necessary permissions - Access must comply with GDPR, the DPA 2018, and the CCTV policy — ensuring footage is only viewed by authorised personnel, kept secure, and not retained longer than necessary.
200
Can you tell me about the retention of files and the Limitation Act 1980?
Sets out how long businesses should keep documents for. States legal action must be brought within 6 years of the issue arising
201
Can you give me some examples of reports that you run?
- Arrears report - Tenancy schedules - Service charge analysis
202
How do you validate information used/received?
- Avoid duplications - Cross check against historic data - Tenant/Landlord info - Make sure date is complete - DI form dates correct - correct charges and sent to correct recipients