Definition

An electronic database system is a structured collection of data stored electronically and managed by a database management system (DBMS), allowing authorised users to create, read, update and delete records in a controlled way. In a surveying context, databases hold comparable transaction records, asset registers, cost benchmarks and client contact data. The most widely used type is the relational database, in which data is organised into linked tables queried using SQL. As noted by the Information Commissioner's Office, any database containing personal data is subject to UK GDPR and the Data Protection Act 2018.

Why this matters for Data Management

  • Level 1 knowledge: you must be able to describe what an electronic database is, give examples from your practice, and explain why it is preferable to unstructured storage such as email or spreadsheets.
  • Well-managed databases support consistent professional processes and reduce the risk of decisions being made on incomplete or out-of-date information.
  • Data protection law applies to any database holding personal data, making compliance awareness essential for all surveyors.
  • Assessors may ask candidates to describe the database systems used in their firm and the data governance controls applied to them.

Key principles

Types of database used in surveying practice

Relational databases — data held in linked tables and queried using SQL — are most common in enterprise property management systems such as Yardi, MRI and Tramps, managing lease data, rent schedules and asset registers. Document management databases store unstructured content such as drawings and correspondence. Geographic information systems (GIS) link property data to spatial coordinates. Smaller firms often use cloud-based equivalents for bespoke internal datasets.

Data integrity and quality

A database is only as reliable as the data it contains. Data integrity controls — validation rules, mandatory fields, referential integrity between linked tables — reduce the risk of erroneous records. Regular audits and clear data entry standards are part of good information governance. Professional advice based on database-held comparables is only as reliable as the underlying records.

Access control, security and retention

Role-based access ensures users can only view and edit the records they need, meeting UK GDPR requirements and professional risk management obligations. Encryption of data at rest and in transit, regular backups and a tested recovery procedure are further security controls. UK GDPR's storage limitation principle requires that personal data is not retained for longer than necessary; firms should maintain a documented retention schedule and a secure disposal procedure for records that have reached the end of their retention period.

Relevant RICS guidance and legislation

  • Data Protection Act 2018 / UK GDPR — the primary legislative framework governing any database holding personal data; applies to its design, operation and disposal.
  • RICS Rules of Conduct (effective 2 February 2022) — Rule 5 requires members to manage information systems with appropriate skill and maintain proper records.
  • Information Commissioner's Office (ICO) guidance — the regulator's guidance on security, retention and access provides the operational framework for GDPR compliance.
  • ISO/IEC 27001 — the international information security management standard; increasingly required by public sector clients as a condition of appointment.

Ethics and Rules of Conduct angle

Managing electronic databases responsibly is a matter of both Competence and Responsibility under the RICS Rules of Conduct. A surveyor who allows client data to be held insecurely, retained beyond its lawful period or accessed by unauthorised parties is in breach of their professional duty and potentially the Data Protection Act 2018. The Honesty and Integrity rule also applies: altering records to present a misleading picture would be a serious disciplinary matter.

APC-style Q&As

Q (Level 1)What is an electronic database system?

An electronic database system is a structured collection of data managed electronically by a database management system, allowing authorised users to store, retrieve, update and delete records in an organised way. In surveying practice, databases hold information such as property comparables, asset registers, lease data and client records.

Q (Level 1)What is the difference between a relational database and a document management database?

A relational database organises data in linked tables queried using SQL, suited to structured data such as rent schedules and lease terms. A document management database stores unstructured content — reports, drawings, correspondence — retrieved through metadata and search. Both types are used in surveying practice, often alongside each other.

Q (Level 2)What controls should a surveying firm apply to a database holding client personal data?

The firm should implement role-based access permissions; encrypt data at rest and in transit; maintain regular tested backups; enforce a documented retention schedule; and have a secure disposal procedure. A data protection impact assessment should be carried out if processing is likely to result in high risk to individuals. These measures reflect the UK GDPR obligation to implement appropriate technical and organisational security measures.

Q (Level 2)How does data integrity affect the reliability of professional advice based on database evidence?

Professional advice is only as reliable as the data underpinning it. If a comparables database contains errors — wrong dates, incorrect prices or missing lease adjustments — the resulting advice may be materially wrong. Validation rules and regular audits reduce this risk. The surveyor must not present database outputs as definitive without independent verification of key records.

Q (Level 3)Your firm's property management database has suffered a cyber incident and client personal data may have been accessed without authority. What are your immediate obligations?

Under the Data Protection Act 2018, a personal data breach likely to result in a risk to individuals' rights and freedoms must be reported to the ICO within 72 hours; if the risk is high, affected individuals must also be notified. I would immediately involve the firm's data protection officer, begin an incident log recording what data was affected and the remediation steps taken, and consider notifying the professional indemnity insurer. The response must be documented throughout to demonstrate accountability.