Definition

In an APC context, data use within a business means the systematic collection, processing, storage and application of information to improve decision-making, deliver client services and manage performance. This spans operational data (project records, client files, fee income) and analytical data (market intelligence, benchmarking, trend analysis). The Information Commissioner's Office distinguishes between personal data — relating to identified or identifiable individuals — and non-personal data such as market statistics; personal data carries specific legal obligations under UK GDPR.

Why this matters for Data Management

  • Level 1 knowledge: you must be able to describe how data is used in your firm and identify the categories of data that flow through your own work.
  • Data-driven practice is increasingly expected by sophisticated clients; using data to support recommendations and benchmarking distinguishes strong candidates.
  • Poor data governance creates professional indemnity risk, regulatory risk under UK GDPR, and reputational risk.
  • Assessors are interested in how the candidate's firm handles data, not just how data is used on individual instructions.

Key principles

Operational and market intelligence uses

Every surveying business generates operational data daily: time and costs recorded against projects, programme milestones tracked, service charge accounts reconciled and cost databases maintained from tender returns. Firms also aggregate data across instructions to develop market intelligence — rental value indices, yield movements and cost benchmarks — to support client advisory work. Keeping this data current, attributing sources, and not using personal data without consent are important disciplines.

Performance management and KPIs

Surveying businesses track key performance indicators such as fee recovery rates, client satisfaction scores and project delivery against programme through practice management systems. These metrics inform decisions on resource allocation and service quality. The ability to interpret KPI data is increasingly expected of senior candidates in project and facilities management pathways.

Data governance within the business

A data governance framework sets out how the firm collects, stores, protects and disposes of data. It includes a data protection policy, a register of processing activities (required under UK GDPR), a retention schedule, an information security policy and procedures for responding to subject access requests and data breaches. It should also define data ownership and set standards for data quality. Smaller firms without a dedicated data protection officer must still comply with these obligations.

Relevant RICS guidance and legislation

  • Data Protection Act 2018 / UK GDPR — the primary legal framework for any personal data held within the business; requires lawful processing, data minimisation, security and retention controls.
  • RICS Rules of Conduct (effective 2 February 2022) — Rule 5 encompasses the duty to manage information competently; Rule 4 is relevant where personal data about individuals is involved.
  • Information Commissioner's Office (ICO) guidance — practical regulatory guidance on accountability, security and data subject rights.
  • ISO/IEC 27001 — information security management standard increasingly required by clients as a condition of appointment.

Ethics and Rules of Conduct angle

The Responsibility rule requires firms to have controls that protect client data and comply with the law. The Honesty and Integrity rule applies to how data is used: using client data for purposes beyond those for which it was provided — for example, using transaction data for proprietary research without consent — would be a breach of trust and a potential GDPR violation. A firm that cannot manage its data well cannot serve its clients well.

APC-style Q&As

Q (Level 1)Give three ways data can be used within a surveying business.

First, operational project management — tracking programme, costs and correspondence on live instructions. Second, market intelligence — aggregating comparable transaction data to produce valuation evidence or market commentary. Third, business performance — monitoring KPIs such as fee recovery and resource utilisation to inform management decisions.

Q (Level 1)What is a data governance framework?

A data governance framework is the set of policies, procedures and controls a business uses to manage its data: how data is collected, stored, who is responsible for its accuracy, how long it is retained, how it is protected, and how the business responds to data breaches or subject access requests. Under UK GDPR, organisations must be able to demonstrate accountability for the personal data they hold.

Q (Level 2)How does your firm use data to manage its own performance?

(example) Our practice management system tracks time recorded against each instruction and compares it to the fee budget, generating a utilisation report reviewed monthly by the directors. Client satisfaction scores are collated quarterly to inform service improvement. For project management instructions, we track programme milestones against baseline and report variances to the client monthly.

Q (Level 2)What must a surveying firm do when it receives a subject access request from a client?

Under UK GDPR, a data subject has the right to request a copy of all personal data held about them. The firm must respond within one month, including all personal data held across systems but without revealing confidential data about third parties. The deadline can be extended by two months for complex requests, provided the requester is informed within the first month.

Q (Level 3)Your firm wishes to use anonymised project cost data from client instructions to develop a proprietary benchmarking tool. What issues do you need to consider before proceeding?

The first question is whether the data is truly anonymised: if individual records can be re-identified, UK GDPR applies. I would review our engagement letters to confirm whether terms permit use of project data for internal purposes, and check whether confidentiality obligations preclude such use. If satisfied that the use is lawful, I would document the lawful basis and the anonymisation methodology to demonstrate accountability.