Data Management Level 1

Question 1

Ensuring reliability of data sources

Answer 1

When processing data, assess the reliability of the source and associated risks. Where possible, you should verify data against an alternative source through “triangulation.”

Question 2

Data Storage & Security

Answer 2

Data Storage and Security:
It is essential that data is kept safe from corruption and that access is suitably controlled to ensure privacy and protection.

Data Security Technologies:
- Disk encryption on a secure hard disk drive.
- Regular backups held off-site.
- Cloud storage.
- Password protection and use of anti-virus software.
- Firewalls and disaster recovery procedures.

Question 3

UK GDPR - Origin, Purpose, Key Provisions, penalties.

Answer 3

Origin: The UK General Data Protection Regulation (UK GDPR) is governed by the Data Protection Act 2018. The EU GDPR is no longer applicable in the UK post-Brexit.

Purpose: It aims to create a single data protection regime affecting businesses, and empower individuals to take control of how their data is used by third parties.

The regulation gives individuals the right to be informed about how their personal information is being used.

Key Requirements:

An obligation to conduct data protection impact assessments for high risk holding of data.

New rights for individuals to have access to information on what personal information is held and to have it erased.

Data Controller: A data controller decides how and why personal data is processed and is directly responsible for complying with UK GDPR.

Accountability: Organisations must be able to prove to the Information Commissioner’s Office (ICO) how they comply with the principles.

Data Breach Reporting: Data security breaches must be reported to the ICO within 72 hours where there is a loss of personal data and a risk of harm to individuals.

Penalties: Fines can be up to £17.5 million or 4% of global turnover, whichever is greater.

Policed by the ICO (Information Commissioners Office)

Question 4

UK GDPR - Principles

Answer 4

Article 5(1) Principles relating to the storage of personal data states that data must be:

processed lawfully, fairly and in a transparent manner in relation to individuals;

collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;

adequate, relevant and limited to what is necessary for the purposes for which they are processed;

accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;

kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;

processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures

Article 5(2) requires that “the controller shall be responsible for, and be able to demonstrate, compliance with the principles”

Question 5

UK GDPR - Individual Rights

Answer 5

The 8 Individual Rights:
The right to be informed
The right of access
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
Rights in relation to automated decision making and profiling.

Question 6

Freedom of Information Act 2000 (FOIA)

Answer 6

Purpose: The FOIA gives individuals the right to access information held by public bodies.
Process:
A public body must confirm to the individual whether it holds the requested information.
It is normally required to supply the information within 20 working days in the format requested.
A charge can be made for providing the information.

Exemptions: A request can be refused for several reasons, including:
If it is contrary to GDPR requirements.
If it would prejudice a criminal matter under investigation.
If it would prejudice a person’s or organisation’s commercial interest.

Question 7

NDAs

Answer 7

Non-Disclosure Agreement (NDA):
A legally enforceable contract between two parties concerning sensitive information.
It creates a confidential relationship between the person who has the information and the person who gets access to it.
A party harmed by a breach of an NDA can take legal action to enforce it and seek damages for any losses.

Question 8

Data retention:

Answer 8

Data Retention Policies: Firms require retention policies for the safe keeping of files.

Question 9

Use of AI

Answer 9

RICS has completed a public consultation on its proposed new Professional Standard, “Responsible use of AI.”
The 1st Edition was published in September 2025, due to come into for on 9th March 2026 and will aim to provide clear guidance on the ethical and practical obligations of using AI in the natural and built environment sectors.

Some of the key provisions include governance & risk management
Professional judgement and oversight
Transparency and client communication
Ethical development of AI

Question 10

How can security of data be improved?

Answer 10

The security of electronic data can be improved using firewalls, encryption, cloud-based systems, and passwords.

Question 11

What is Copyright?

Answer 11

Copyright:
A set of exclusive rights granted to the author or creator of an original work, including the right to copy. These rights can be licensed, assigned, or transferred.

Crown Copyright:
This form of intellectual property applies to all material created and prepared by the Government. This includes the Survey of London, public records, official press releases, and Ordnance Survey mapping.
It is essential that you acknowledge any copyright for information duplicated in your work.

Question 12

Horizon - Advantages and Limitations

Answer 12

Advantages
Comprehensive functionality - Full property lifecycle management
Strong financial controls - Robust accounting and service charge management
Lease administration - Detailed tracking of key dates and obligations
UK market focus - Built for UK commercial property requirements
Integration capabilities - API connectivity with third-party systems
Established support - Local UK support and training resources
Data security - Enterprise-level security controls for sensitive property and tenant data
GDPR compliance - Built-in features to support UK data protection requirements

Limitations
Complex user interface - Steep learning curve and dated design
High implementation costs - Expensive setup, training, and ongoing licensing
Limited customisation - Requires vendor involvement for workflow changes
Reporting restrictions - Less flexible than modern cloud-based alternatives
Mobile limitations - Basic mobile functionality compared to app-native solutions
Data migration complexity - Challenging transfer from legacy systems
Update dependencies - Reliant on vendor release cycles for new features
Data portability concerns - Potential challenges extracting data if switching systems (important for GDPR Article 20 - right to data portability)
User access controls - May require careful configuration to ensure appropriate data access restrictions under data protection principles

Question 13

Yardi - Advantages / Limitations

Answer 13

Advantages
Cloud-based platform - Modern SaaS architecture with automatic updates
Comprehensive suite - Integrated property management, accounting, and CRM functionality
Strong reporting - Flexible dashboards and real-time analytics
Mobile optimised - Native mobile apps for field operations
Scalability - Handles portfolios from small to enterprise level
Global presence - Established UK operations with local support
API ecosystem - Extensive third-party integrations and marketplace
Data security - Enterprise-grade security with regular penetration testing
GDPR compliance - Built-in privacy controls and data subject rights management
Workflow automation - Configurable business process automation

Limitations
Subscription costs - Higher ongoing SaaS fees, particularly for smaller portfolios
Module complexity - Can be over-engineered for simpler requirements
Implementation time - Lengthy setup process for complex configurations
Training requirements - Extensive user training needed across multiple modules
Customisation limitations - Limited ability to modify core workflows
Data migration challenges - Complex historical data transfer from legacy systems
System dependencies - Heavy reliance on internet connectivity for operations
Vendor lock-in - Difficult data extraction if switching platforms (GDPR data portability considerations)
User licensing - Per-user costs can escalate with team growth
Third-party integrations - Some integrations may require additional licensing fees
Data residency - Need to verify UK/EU data hosting for GDPR compliance requirements

Question 14

Riskwise - Advantages / Limitations

Answer 14

Advantages
Health & safety focus - Purpose-built for H&S compliance and risk management
User-friendly interface - Intuitive design with minimal training requirements
Mobile functionality - Strong mobile app for site inspections and incident reporting
Compliance tracking - Automated reminders for certificates, training, and renewals
Risk assessment tools - Built-in templates and methodologies for various industries
Incident management - Comprehensive accident and near-miss reporting capabilities
Document management - Centralised storage for policies, procedures, and certificates
Audit trails - Complete records for regulatory compliance and legal defence
Data security - Secure cloud hosting with regular backups
GDPR compliance - Privacy controls for employee and contractor personal data
Cost-effective - Competitive pricing for specialist H&S functionality

Limitations
Limited integration - Fewer third-party connections compared to enterprise platforms
Reporting flexibility - Less customisable reporting than general business intelligence tools
Scalability constraints - May not suit very large, complex organisations
Property-specific features - Limited property management functionality beyond H&S
Data export options - Potential restrictions on bulk data extraction (GDPR portability considerations)
Customisation limits - Fixed workflows may not suit all organisational processes
Offline capability - Limited functionality without internet connectivity
Training records - May require integration with HR systems for complete employee records
Contractor management - Basic supplier/contractor database compared to procurement systems
Data retention controls - Need to verify automatic deletion capabilities for GDPR compliance
Multi-site complexity - May lack sophisticated hierarchy management for large portfolios