Data Management - Level 1

Question 1

How is data managed and protected in your firm?

Answer 1

1. Secure document storage
2. Back up of documents
3. Process for sharing documentation
4. Formatting and standardisation of reports

Question 2

What is GDPR?

Answer 2

The General Data Protection Regulations.
It is a regulation in EU law for protection and privacy in the EU and European Economic Area.
It addresses the transfer of personal data outside the EU and EEA.

Question 3

What does it mean to be GDPR compliant?

Answer 3

GDPR is a regulation that require businesses to protect the personal data and privact of EU citizens for transactions that occur within EU member states.
Non-compliance could cost companies dearly.

Question 4

What are the 7 principles of GDPR/key principles of Data Management Act 2018?

Answer 4

1. Lawfulness, fairness and transparency
2. Purpose limitation
3. Data minimization
4. Accuracy
5. Storage limitation
6. Integrity and confidentiality
7. Accountability

Question 5

What things must companies put in place to ensure GDPR compliance?

Answer 5

1. Raise awareness across your business
2. Audit all personal data
3. Update your privacy notes
4. Review your procedures supporting individuals rights
5. Identify and document your legal basis for processing personal data under he GDPR
6. Review how you seek obtain and record consent

Question 6

How can you ensure data security?

Answer 6

1. disk encryption
2. regular back ups off site
3. password protection
4. anti-virus software

Question 7

What is copyright?

Answer 7

Exclusive rights granted to the author or creator of any original work. These rights can be licensed, assigned or transferred.
It is a form of intellectual property.

All copyrighted material used in work must be acknowledged.

Question 8

What is the Data Protection Act 2018?

Answer 8

This is the Act that implements GDPR in the UK and relates to the protection of personal data. It came into force on 25th May 2018 and replaced the Data Protection Act 1988.

Question 9

What are the key requirements of the Data Protection Act 2018?

Answer 9

1. Obligation to conduct data protection risk assessment
2. Rights to individuals to have access to information on what personal data is held and what is erased.
3. A data controller decides how and why personal data is processed.
4. NEW REG - ‘data accountability’ ensuring organisations can prove to the ICO (Information Commissioner’s Office how they comply with the new regulations.

Question 10

What happens if there is a data breach?

Answer 10

Inform ICO within 72 hours when there is a loss of personal data and and a risk of harm to individuals

Question 11

What are the 8 Individual rights under GDPR?

Answer 11

1. Right to be informed
2. Right to access
3. Right to rectification
4. Right to erase
5. Right to restrict processing
6. Right to data portability
7. Right to object
8. Rights to automated decision making and profiling

Question 12

What article of Data Protection Act 2018 relates to storage of personal data?

Answer 12

Article 5(1) states that data must be;
1. processed lawfully, fairly and in a transparent manner
2. collected for specified purposes
3. hold only what is adequate and necessary for the required purposes
4.

Question 13

What does Article 5(2) of Data Protection Act 2018 state?

Answer 13

“the controller shall be responsible for, and be able to demonstrate, compliance with regulations.”

Question 14

What is the Freedom of Information Act 2000?

Answer 14

gives individuals the right to access information held by public bodies. Must be supplied in 20 working days.
Exceptions;
1. if contrary to GDPR requirements
2. it would prejudice a criminal matter under investigation
3. it would prejudice a persons/organisations commercial interest

Question 15

What is a Non-Disclosure Agreement?

Answer 15

A contract by which one or more parties agree not to disclose confidential information that they have shared with each other as a necessary part of doing business together. e.g. accounting and financial stability of a company.

Question 16

What is the proposed RICS on cybercrime?

Answer 16

RICS Professional Statement ‘Data Handling and Prevention of Cybercrime’.

Question 17

What will the RICS Professional Statement ‘Data Handling and Prevention of Cybercrime’. address?

Answer 17

1. encryption of protect data on portable devices
2. best practice when using cloud based storage facilities
3. ensuring appropriate data handling policies are in place in the event of a data breach or malware attached.

This is being put in place to protect a firm from serious reputation damage and financial loss.

Question 18

What is the process for updating your systems with personal data?

Answer 18

refer to GDPR principles for accuracy

Question 19

What is a locum agreement?

Answer 19

arrangements for if a professional is unavailable

Question 20

What does BEL do to protect information?

Answer 20

1. Internal procedures -
2. GDPR Officer
3. Staff Training - understand Data Protection Act 2018.
4. Data processing - password protected and request permission prior to passing information on.

Question 21

Why do I handle personal data?

Answer 21

1. leaseholders

2. contractors

Question 22

How do I ensure leaseholders information is kept safe?

Answer 22

1. Password protection

2. Check email recipients before sending

Question 23

What is the process of assignment?

Answer 23

CHECK LEASE CLAUSE
1. Leaseholder informs LL 2. LL solicitor draws up a licence to assign 3. AML/Identity/Credit checks 4. Rent deposit agreed 5. Sign.