During this post we’ll run through some practice questions and answers focussed on the Data Management Competency. With the introduction of updated GDPR legislation, the way that our data is managed is now under much greater scrutiny. As a chartered surveyor you will have an opportunity to setup in private practice and the assessment panel will look for reassurance that you have a basic understanding of key legislation on how data should be management. This competency is applicable to all APC candidates and is required up to Level 1 meaning that candidates must demonstrate an awareness and basic understanding of data management concepts. From my experience of helping colleagues pass their APC over the last 9 years, I compiled the following questions & answers based on past interviews and really hope this helps candidates feel better prepared for their final assessment interview.
The following Questions & Answers are focussed on the Data Management Competency and I really hope you find this a useful revision tool.
Question) What is your understanding of the term Confidentiality?
Answer) Confidentiality is where information is protected from unauthorised access or disclosure. Confidentiality agreements such as non disclosure agreements can ensure that sensitive data can only be accessed by those who are authorised to do so. They can also restrict who is able to view this information and prevent it from being accessed or shared to unintended parties. It is important for chartered surveyors to be aware of as they may be required to access sensitive client information or intellectual property without this being revealed to their competitors.
Question) What is your understanding of the term ‘Meta Data’ and why is this important?
Answer) Meta Data is information about a specific piece of data for example when a photo is shared it may contain meta data on the location of where the photo was taken, the person who took the photo, the date the photo was taken on, its file size and the device it was taken on. As chartered surveyors, we must ensure that this meta data is afforded the same level of care as all other confidential data. In a scenario where we are sharing a document or removing confidential components of a document we should ensure that any confidential meta data is not shared inadvertently.
Question) Can you please explain your understanding of the term intellectual property?
Answer) Intellectual Property are the legal rights of creators and owners of songs, books, videos, photos and designs. These rights allow their creators to control the use and ownership of the original works in order to benefit financially and morally by protecting against its unauthorised use. It is important to consider that work generally created by an employee usually belongs to their employer unless copyrights are put in place. It is common within construction for a client to be granted license for use and reproduction of copyright material which should be clearly defined. This could be the right to use a particular design produced by a subcontracting specialist who retains control of the original copyright.
Question) Can you please explain your understanding of the Freedom of Information Act?
Answer) The Freedom of Information Act is the primary piece of UK legislation that grants members of the public the right to access information held by public authorities. Certain information has to be circulated through publication schemes and this aims to promote transparency of information and increase the accountability of government owned institutions that act in the public’s interest. These institutions may include government planning departments, schools, hospitals, police forces or local councils.
Question) Can you please explain the benefits of cloud based storage systems?
Answer) Key advantages of cloud based storage systems include the following:-
- Information can be backed up securely on encrypted servers.
- Accessibility can be managed via online settings.
- Cloud systems are often cheaper than the costs of physically storing and managing files.
- It is convenient to send and share files online instead of mailing physical copies.
- Cloud systems are more environmentally friendly.
- Multiple users can access the same documents simultaneously.
- Online sharing of documents can increase collaboration.
- Documents and folder systems can be synchronised.
Question) What is the meaning of a non disclosure agreement?
Answer) Non disclosure agreements are used to protect against the disclosure or sharing of any confidential data. Prior to the confidential data being shared with a recipient, clients will typically request that the recipient signs up to an NDA. They are often used when confidential, sensitive, innovative or intellectual property information is being shared to prevent this information being used by competitors.
Question) If two separate departments within your firm were working for two rival companies how would you ensure that your client’s sensitive data was managed?
Answer) In the first instance I would make the client aware of the risks involved and check their understanding around the conflict of interest. After making the client aware of this and assuming they wanted to continue with the appointment, I would seek to obtain a letter of instruction to continue. Exclusivity of staff between departments would need to be arranged to ensure there is no cross over of personnel working for both clients. The use of non disclosure agreements would need to be considered in addition to ensuring separate working locations are designated for each of the teams. Secure document and data storage would need to be arranged that would be used exclusively for each of the separate teams with their access managed accordingly.
Question) What is the Data Protection Act 2018?
Answer) The act replaced previous 1998 legislation and manages how personal data is processed by organisations and the government. It is the primary piece of legislation in the UK and allows for implementation of the EU General Data Protection Regulations (GDPR) which came into effect in May, 2018. It aims to protect the personal data and privacy of individuals within the EU and stipulates how organisations collect, process, store and share this data. This is an important piece of legislation for chartered surveyors to be aware of as surveying firms collect, process and store a large amount of client information. If GDPR legislation is breached, fines can be applied up to a value of €20 million or 4% of a firms global annual turnover whichever is higher.
Question) What are the key principles of the Data Protection Act 2018?
Answer) The key principles of GDPR are to ensure that data is:-
- Used fairly, lawfully and transparently.
- Used in a way that is adequate, relevant and limited to only the purpose it is intended.
- Not be retained longer than is necessary.
- Processed securely including the protection against unlawful use, loss or destruction.
- Should be accurate and kept up to date.
Question) Who are the key persons outlined within GDPR?
Answer) Key persons include:-
- The controller – The controller is the natural person or legal entity that determines the purposes and means of the processing of personal data for example when processing an employee’s personal data, the employer is considered to be the controller.
- The Processor – A natural person or legal entity that processes personal data on behalf of the controller for example a call centre acting on behalf of its client is considered to be a processor.
- The Data Protection Officer – is a leadership role required by EU GDPR. This role exists within companies that process the personal data of EU citizens. A DPO is responsible for overseeing the data protection approach, strategy and its implementation.
Question) What are the 8 individual rights under GDPR?
Answer) An individuals rights under GDPR include:-
- The right to be informed.
- The right of access.
- The right of rectification.
- The right to erasure.
- The right to restrict processing.
- The right to data portability.
- The right to object.
- The right of automated decision making and profiling.
Question) What different sources of information do you use in your day-to-day surveying?
Answer) The different sources of information I use include:-
- RICS Guidance Notes.
- Contract Documentation.
- Previous Tenders.
- Cost Plans.
- Valuation data.
- Industry Journals.
- Specialist sub-contractor information.
- Design information & drawings.
Question) How do you manage these sources of information to ensure compliance with data legislation?
Answer) If signed up to an NDA with a client I ensure complete confidentiality and am not able to talk about these projects with colleagues who are not party to the project. I use lockable and secure document storage for hard copy documents. The electronic information is kept securely on encrypted servers. I am always sure to lock my computer when away from my desk and comply with my firms IT security policies, for example attendance at cyber security courses and regularly updating my passwords. If I am sharing or processing information not available in the public domain from a previous project, I always obtain the clients written permission to do so.
Question) How do companies ensure compliance with the Data Protection legislation generally?
Answer) They should only retain data they need to perform their day-to-day operations. If they are retaining someone’s data they should ensure the person is kept informed and advised on why they have it. They should hold the data securely and also keep the information up to date and delete information they no longer need.
RICS APC STUDY GUIDES
