How can you comply with UK GDPR when dealing with mailing lists?
- Only collect information that is required
- Ensure that is very clear that there are ways to unsubscribe
- Ensure you get consent from partipants to be on the mailing list
What sorts of information a firm can reasonably retain in order to comply with other laws?
CHECKKK
What Data Management Training have you undertaken?
- Password Protection Training
- Clear desk policy
What systems does Cluttons have in place to ensure data security?
- Firewalls
- Encryption
- Regular password updates
- Two-Factor Authentication
- Anti-virus software
CHECK
Who is UK GDPR policed by?
Information Commissioner’s Office (ICO)
What are the fines for non-compliance for GDPR?
Fines of up to 4% of global turnover of the company or £17.5 million (which ever is greater)
What are the individual rights under UK GDPR?
(submission)
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability (to use for their own purposes)
- Right to object
- Right to automated decision making and profiling (as undertaken by insurance companies)
What does the Freedom of Information Act (2000) outline?
- Gives individuals the right of access to information held by public bodies
- The public body must tell any individual requesting sight of information whether it holds it
- Normally the public body is required to supply it in 20 working days in the format requested
- It can charge for the provision of the information
What exemptions are allowed under Freedom of Information Act 2000?
Contrary to the GDPR requirements
It would prejudice a criminal matter under investigation or a persons/organisations commercial interest
How can security of data be improved?
Using firewalls, encryption and strong passwords
What is Crown Copyright?
All material created and prepared by the Government e.g. Laws & OS Mapping
What is copyright?
A set of exclusive rights granted to the author or creator of any original work, including the right to copy
Does the EU’s GDPR apply in the UK?
NO - but EU’s GDPR’s was almost entirely transcribed into UK GDPR
What is UK GDPR supplemented by?
Data Protection Act 2018
What is the Data Protection Act 2018?
Controls how your personal information is used by organisations, businesses or the government.
It gives individuals the right to access their own personal data through subject access requests and contains rules which must be followed when personal data is processed.
What are the key requirements of the DM & GDPR? CHECK
- An obligation to conduct data protection impact assessments for high risk holding of data
- New rights for individuals to have access to information on what personal data is held and to have it erased
- A data controller decides how + why personal data is processed + is directly responsible for GDPR
- A new principle of ‘data accountability’ = organisations can prove to the ICO how they comply with the new regulations
- Data security breaches need to be reported to ICO within 72 hours where there is a loss of personal data + a risk of harm to individuals
- Fines to up 4% of global turnover of the company or £17.5million (whichever is the greater)
- Policed by the ICO
When do data security breaches need to be reported by and who do you report them to?
- Within 72 hours where there is a loss of personal data + risk of harm to inviduals
- Report to ICO
What is ISMS?
Information Security Management System
What data security training have you undertaken?
- Regular online information security training – KnowBe4 – 2023 Common threats, Internet threats, Your Role in Information Security
- Acceptable IT Use Policy
- Mobile Device Policy
- Information Security Policy
- Phishing Emails
Why is that information you handle valuable?
Identity theft, fraud, cyber attacks,
What does Cluttons do to keep you informed about information security issues?
- Regular emails
- staff online training
- Updates to firm policies
How do you ensure that data is stored correctly?
- Use strong passwords and two-factor authentication
- Ensure a back up your data
- Keep users groups list up to date
CHECK
What are the key principles of UK GDPR?
Article 5 of the UK GDPR sets out seven key principles which lie at the heart of the general data protection regime.
The UK GDPR sets out seven key principles:
1. Lawfulness, fairness and transparency
2. Purpose limitation
3. Data minimisation
4. Accuracy
5. Storage limitation
6. Integrity and confidentiality (security)
7. Accountability
-
Ethics, Rules of Conduct & Professionalism - Part 1: RICS Requirements147
-
Measurement53
-
Ethics, Rules of Conduct and Professionalism - Part 2: Professional Practice Issues56
-
Conflict Avoidance, Management & Dispute Resolution Procedures30
-
Health & Safety83
-
Sustainability29
-
Accounting Principles & Procedures38
-
Business Planning9
-
Case Study Questions45
-
Valuation138
-
Data Management23
-
Submission106
-
Market Appraisal13
-
Diversity, Inclusion & Team-working15
-
Valuation Examples54
-
Loan Security Valuation (Submission)48
-
Leasing and Letting64
-
Purchase and Sale100
-
Client Care10
-
Inclusive Environments14
-
Communication & Negotiation1
-
Inspection89
