Leighton act in accordance with the General Data Protection Regulation principles governing the processing of personal data which are listed below:
1. It will be processed lawfully, fairly and in a transparent manner
2. It will be obtained only for specified, explicit and legitimate purposes and will not be processed in any manner incompatible with those purposes
3. It will be adequate, relevant and limited to the purposes for which it is processed
4. It will be accurate and, where necessary, kept up to date
5. It will be kept for no longer than is necessary for the purposes for which it is processed
6. It will be protected from unlawful processing, accidental loss, destruction or damage in accordance with the rights of data subjects under the Regulation
7. There will be overall governance and accountability for processing of all personal data.
Principles of Data Quality
All customers, clients and colleagues have the right to review data held about them, to complain if that data is inaccurate and to ask for it to be amended.
The principles of data quality derive from the General Data Protection Regulation. In particular the Regulation states that personal data shall be accurate, and where necessary, kept up to date. In :order to comply with the GDPR, you should take the following action;
· take reasonable care to ensure the accuracy of any personal data you obtain
· ensure that the source of any personal data is clear
· carefully consider any challenges to the accuracy of information
· consider whether it is necessary to update the information
Data validation is also a mandatory requirement of Leighton's ISO27001 certification.
Core dimensions of Data Quality
The six core dimensions of data quality as defined by the DAMA UK Working Group on "Data Quality Dimensions" are;
Missing, incomplete or invalid data records can reduce the quality of the information created within it
It is important that you undertake validation checks monthly to ensure duplication is not occurring. The validation process documents the action to be taken should duplication become apparent
Data should be recorded as quickly as possible after the event and must be available quickly enough and frequently enough to support the associated requirement for information
For records to be considered valid and used as evidence, they must be;
- Authentic - i.e. what they claim to be, created or sent by the person claimed to have created them and at the time claimed
- Reliable - i.e. trusted to be full and accurate representations of the business transaction or event
- Integral - i.e. complete and unaltered
- Usable - i.e. locatable, retrievable, presentable, interpretable, CIA, i.e. must ensure confidentiality, integrity and be accessible by all authorised colleagues
Data should be sufficiently accurate for its intended purposes, representing clearly and in enough detail the interaction provided at the point of activity. Data should be captured once only and recorded with sufficient accuracy for its intended purpose, although it may have multiple uses. Reported information that is based on accurate data also provides a fair picture of performance and should enable informed decision making.
The GDPR does not have a definition of "accurate" but it states that information is inaccurate if it is incorrect or misleading as to any matter of fact. if there has been an error or mistake then it is acceptable to record this fact, provided it is also shown that the error or mistake has since been rectified.
Above all it is imperative that all colleagues recognise that records are fixed in time, in that they are the output of and therefore evidence of a particular transaction or event. If the information contained in a record is utilised and changed as part of another action the result will produce a new record of a new event or transaction.
All records within Leighton will contain common features regardless of what the records relate to:
- Content - i.e. information on the subject matter
- Context relating to the business process of which the record is a part
- Structure - i.e. the format of the record
Data should reflect stable and consistent data collection processes across collection points and over time, whether using manual or computer based systems, or a combination of both.
Managers and stakeholders should be confident that progress towards a Key Performance Indicator reflects real changes in performance and is not a result of an amended data collection approach or method.
Data captured should be relevant for the purpose in which it is used. This entails periodic review of requirements to reflect changing needs. It may be necessary to capture data at the point of activity which is relevant only for other purposes, rather than for the current scenario.
Do not collect data unless you can justify it. You may need to explain why information is relevant.
Paper vs Electronic records
It must be remembered in both scenarios that a record can be more than a single document such as a contract. Records are a collection of related documents, for example all of the documentation relating to a contract including correspondence, initial offers, which are managed together and "fixed" as the definitive records at some point in time, perhaps, when the contract is agreed or completed. A good example within Leighton are the personnel files.
Paper records provide information just as important as electronic records yet are often managed differently. The structure of a paper based filing system must be as closely managed as that of an electronic records management system. Access may be easier to manage within an electronic system, but it is just as important to maintain confidentiality, integrity and accessibility within a paper based filing system.
Carry out spot checks monthly to ensure the continuation of data quality and data capture processes and to measure the effectiveness of any corrective action taken.
Responsibilities for Data Quality
All colleagues are responsible for the service they provide and the associated data they collect and record, whether they are service providers or have an operational or administrative role.
Individual departments should ensure that data is accurate, timely and has been validated.
All colleagues should be aware of and adhere to Leighton policies around data quality, information governance and customer, supplier and colleague records management, both electronic and paper based, which are available within Leighton.
1. How many principles does the General Data Protection Regulation contain?
2. How many core dimensions of data quality were defined by the DAMA UK Working Group?
3. How can you maintain the quality of your data?
- You can't maintain quality unless you create it
- Don't keep paper records
- Carry out regular spot checks
- I don't know
4. Which are the core dimensions? (please select all that apply)