What is GDPR?
GDPR is the General Data Protection Regulation (2016), which came into effect on 25th May 2018. It aims to create a single data protection regime for the European Union.
What Act Implemented the GDPR in the UK?
The Data Protection Act (2018), which replaces the Data Protection Act 1998 after 20 years.
What do you need to do if you have a data breach?
Notify the Information Commissioner's Office (ICO) within 72 hours of the breach occurring.
What are the fines for non-compliance with UK GDPR?
For serious breaches of the data protection principles, the ICO has the power to issue fines of up to £17.5 million or 4% of your annual worldwide turnover, whichever is higher.
What are the 8 Individual Rights Under GDPR?
BARE ROPA
When was the Freedom of Information Act Enforced, and what does it do?
The Freedom of Information Act came into effect in 2000. It allows an individual to request access to information held by a public body. The public body is required to provide that information (normally within 20 working days) in the requested format; however, they can charge a fee for this.
Give me an example of how your company is compliant with GDPR
On marketing emails, we give people the right to be removed from our database.
Does your company tell people how their data is stored?
Yes, our website gives detail on our ‘Fair Processing Notices’ which outlines:
* our purpose of collecting personal data
* how to unsubscribe from marketing communication
* special categories of data are necessary for fulfilling legal obligations relating to AML
What is GDPR?
GDPR is the General Data Protection Regulation (2016), which came into effect on 25th May 2018 as part of the UK Data Protection Act.
It aims to create a single data protection regime for the European Union.
What are some examples of data security technologies?
Disk encryption (encrypting data on a secure hard disk drive)
regular back-ups offsite
password protection
use of anti-virus software protection
firewalls
VPNs (Virtual Private Networks)
What is a firewall?
A network security device that monitors traffic to or from your network.
What is copyright?
A set of exclusive rights granted to the author or creator of any original work, including the right to copy. It is a form of intellectual property.
What is triangulation?
Triangulation is the process of verifying data from multiple sources to validate any data collected.
Who polices the Data Protection Act and UK GDPR?
The Information Commissioner's Office (ICO)
What are the individual rights under UK GDPR? (8)
What are the principles of the UK GDPR? (5)
Personal data must be:
1. processed lawfully, fairly and in a transparent manner
2. collected for a specific and legitimate purpose
3. accurate and kept up to date
4. kept no longer than necessary
5. processed in a secure manner.
What is the link between UK GDPR and Data Protection Act 2018?
When the UK left the EU in 2016, it formed its own regulations, the UK GDPR, which is covered by the Data Protection Act 2018.
What is the aim of the UK GDPR/Data Protection Act 2018?
It aims to create a single data protection regime affecting businesses and empowering individuals to take control of how their data is used by third parties.
What is an SAR?
Subject Access Request: a demand that the individual be given all the information that a company holds on them.
What are some of the requirements of the UK GDPR/Data Protection Act 2018? (4)
What is the Freedom of Information Act 2000? (2)
It gives individuals the right of access to information held by public bodies. The public body is required to supply it within 20 working days.