DATA PROTECTION Flashcards

(21 cards)

1
Q

How long do you need to keep data for?

A

6 years if the contract is signed underhand.
12 years if the contract is executed as a deed.
Limitation Act 1980 sets most legal claim limitation periods.
Royal Institution of Chartered Surveyors recommends retaining data for up to 15 years.

2
Q

What type of data systems are used in your organisation?

A

Shared hard drives.
Backup servers.
Online storage systems (e.g. Dropbox).
Collaboration software such as Microsoft Teams.
Project extranet.

3
Q

What is a project extranet system?

A

A computer network that allows external parties to view project files on a secure platform.

Advantages

Improves communication.
24-hour access.
Efficient document sharing.
Secure access with permission settings.

Disadvantages

Can be expensive.
Requires maintenance.
May require user training.

4
Q

What are the benefits of cloud-based storage systems?

A

Easy access anywhere in the world.
Secure and password protected.
Low set-up cost.
Teams can work in real time.
Access controls and restrictions for confidential files.

5
Q

What sources of pricing data are available?

A

BCIS.
Pricing books such as Spons.
Benchmarking.
In-house records and databases.

6
Q

What are pricing books?

A

Used to assist with estimating and valuing variations.
Cover major areas of the construction process.
Include rates for maintenance, refurbishment and new build work.
Used for both large and small projects.

7
Q

What is BCIS?

A

Building Cost Information Service.
Provides construction cost and price data for the UK industry.
Used to produce estimates and option appraisals.
Supports early cost advice and cost planning.
Provides benchmarks for projects.
Part of the Royal Institution of Chartered Surveyors.

8
Q

What is the Data Protection Act 2018?

A

UK legislation controlling how personal information is used by organisations, businesses and government.
It is the UK’s implementation of the General Data Protection Regulation.

9
Q

What is GDPR?

A

A regulation in EU law on data protection and privacy.
Applies to the European Union and European Economic Area.
Governs how personal data is processed and protected.
Also regulates the transfer of personal data outside the EU/EEA.

10
Q

What is the purpose of GDPR?

A

To harmonise data privacy laws across member states.
To strengthen protection and rights of individuals.
To regulate how organisations collect, process and store personal data.
Non-compliance can result in significant fines and reputational damage.

11
Q

Who are the key persons outlined within GDPR?

A

Data Controller
Person or organisation that determines how and why personal data is processed.

Data Processor
A person or organisation that processes data on behalf of the controller.

Data Subject
The individual whose personal data is being processed.

Data Protection Officer (DPO)
Responsible for monitoring compliance with data protection regulations.

12
Q

What constitutes personal data?

A

Any information relating to an identifiable individual (data subject).
Can identify a person directly or indirectly.

Examples

Name
Photograph
Email address
Bank details
Social media posts
Medical information
IP address

Applies to electronic data and searchable physical records.

13
Q

What is the difference between a data processor and a data controller?

A

Data Controller
Determines the purposes, conditions and means of processing personal data.

Data Processor
Processes personal data on behalf of the controller.

14
Q

What are the 7 key principles of GDPR?

A
  1. Lawfulness, fairness and transparency.
  2. Purpose limitation.
  3. Data minimisation.
  4. Accuracy.
  5. Storage limitation.
  6. Integrity and confidentiality (security).
  7. Accountability.
15
Q

What are the 8 individual rights under GDPR?

A
  1. Right to be informed.
  2. Right of access.
  3. Right to rectification.
  4. Right to erasure.
  5. Right to restrict processing.
  6. Right to data portability.
  7. Right to object.
  8. Rights related to automated decision making and profiling.
16
Q

Who enforces GDPR in the UK?

A

Information Commissioner’s Office.

17
Q

What is the Freedom of Information Act 2000?

A

Provides public access to information held by public authorities.
Public authorities must publish certain information about their activities.
Members of the public can request information from public authorities.

18
Q

If you intend to destroy a document, what should you consider beforehand?

A

Is the document an original contract or legal document?
Could it be required for litigation or legal proceedings?
Does the document relate to a live project?
Is a backup copy available?

19
Q

What measures could be taken to protect commercially sensitive information?

A

Have a Non-Disclosure Agreement (NDA) in place.
Physically separate staff where required.
Secure document storage (locked cabinets and password-protected systems).

20
Q

How can you protect data when transferring it on a client’s behalf?

A

Encryption and password protection.
Recorded or secure delivery methods.
Clearly mark documents as confidential.
Use secure networks and software.

21
Q

What is an information barrier?

A

A physical and/or electronic separation of individuals within the same firm.
Used to prevent confidential information being shared between teams.