What legislation covers data protection?
Data Protection Act 2018
UK GDPR
What is the purpose of the Data Protection Act 2018?
To bring UK GDPR into law following Brexit and give powers to a UK regulatory body.
What is the data protection regulatory body in the UK?
Information Commissioners Office
What are the principles of the Data Protection Act 2018?
Lawfulness
Purpose Limitation
Data Minimisation
Accuracy
Accountability
Security
Storage Limitation
What are the rights of the Data Protection Act 2018?
Right to Restrict Processing
Right to Access
Right to Data Portability
Right to be Informed
Right to Object
Right to Erasure
Right to Restrict Processing
Rights with regards to Automated Decision Making
What are the three parties in the Data Protection Act 2018?
Data Subject
Data Controller
Data Processor
What is a Data Subject?
Someone who’s information is collected.
What is a Data Controller?
Someone who decides what information is collected.
What is a Data Processor?
Someone who handles data on behalf of the Data Controller.
What is a subject access request and what is the timeline for this?
Request for information about yourself, must be processed within 30 days.
What is a Freedom of Information request?
A request for information held by a public body. Must be processed within 20 working days.
What legislation covers FOI requests?
Freedom of Information Act 2000
What information does not have to be provided in a FOI request?
Personal or sensitive information.
Information which is confidential or business sensitive.
Matters of national security.
What is Personal Information and what is Sensitive Information?
Personal information is information which can be used to identify an individual.
Sensitive information is a subset of personal information requiring special care as it may cause harm i.e. medical records.
How can you ensure that data is reliable?
Verify it through triangulating multiple sources.
What types of digital security do you use?
Encryption
Fire Walls
Discrete filing system
Multi-factor authentication
What physical data security do you use?
Clear desk policy
Key card building access
Confidential waste bins
What is copyright?
The exclusive right to intellectual property including licencing and the right to make copies.
What is intellectual property?
An intangible asset which is a creation of the mind such as music.
If a data breach occurs, what would you do?
Inform the Data Protection Officer.
When must a Data Protection Officer inform the ICO of a data breach?
Within 72 hours.
What is the penalty for breaching the Data Protection Act 2018?
A fine which is the greater of 4% of turnover of £17.5m
What is the purpose of UK GDPR
To give individuals greater control over their own information and how it is recorded.
What is a Privacy Notice?
A document provided to data subjects outlining what data is being collected, for what purpose and their rights.
-
Measurement (Lvl 2)20
-
Valuation (Lvl 3)88
-
Landlord & Tenant (Lvl 3)74
-
Leasing & Letting (Lvl 3)48
-
Property Management (Lvl 3)90
-
Data Management (Lvl 2)27
-
Ethics, Rules of Conduct and Professionalism (Lvl 3)109
-
Health & Safety (Lvl 2) / Inspection (Lvl 3)70
-
Accounting Principles & Procedures (Lvl 1)15
-
Conflict Avoidance, Management & Dispute Resolution (Lvl 1)18
-
Sustainability (Lvl 1)4
-
Prop Man - Forgotten Info8
-
Valuations - V286
-
Leasing and Letting - V268
-
Landlord and Tenant - V273
-
Property Management - V265
-
Data Management V230
-
Measurement - V224
