Definition

The RICS Data Management competency assesses a candidate's understanding of how data is collected, processed, stored and used in the built environment professions, and how the associated legislative and professional obligations are met. It covers the full spectrum of data activity: from gathering market evidence and building survey data, through structured storage and retrieval systems, to compliance with data protection law and information governance frameworks. The competency is assessed at Level 1 for all pathways.

Why this matters for Data Management

  • Every pathway — valuation, quantity surveying, commercial property, building surveying, project management — generates and uses data; this competency applies universally.
  • Data management failures are among the most common sources of professional indemnity claims and regulatory complaints.
  • BIM, smart buildings and proptech make data literacy increasingly central to competent professional practice.
  • UK GDPR and the Data Protection Act 2018 create legal obligations that apply to every member and firm; ignorance is not a defence.

Key principles

What the competency covers

Data Management spans four broad areas: data collection (site inspections, measured surveys, comparable evidence); data storage and retrieval (electronic databases, document management systems, Common Data Environments); data legislation and governance (UK GDPR, Data Protection Act 2018, Freedom of Information Act 2000); and data analysis and use (applying data to support professional advice and benchmarking).

The role of technology and data protection in practice

Candidates should be familiar with the principal software categories in their practice area: property and practice management systems, cost-estimating tools, document management platforms and Common Data Environments. UK GDPR applies to every surveying firm. At Level 1, candidates need to know the six data protection principles, how they apply to typical surveying scenarios, what constitutes a personal data breach and what reporting obligations apply.

Applying the competency in the assessment

The panel will typically ask the candidate to describe examples of data use, the systems used to store and retrieve it, the legislative framework, and how their firm manages governance. The strongest answers link specific real examples to principles: "In my firm we use [system] to store [data type]; access is controlled by [mechanism]; we comply with UK GDPR by [specific controls]." Generic answers score poorly.

Relevant RICS guidance and legislation

  • Data Protection Act 2018 / UK GDPR — all candidates must be able to state the six data protection principles and the circumstances in which a breach must be reported to the ICO.
  • RICS Rules of Conduct (effective 2 February 2022) — Rule 5 requires members to manage information with the skill and care expected of a chartered professional.
  • ISO 19650 series — the information management standard for BIM; relevant to candidates in construction-facing pathways.
  • Building Safety Act 2023 — introduces the golden thread requirement for higher-risk buildings; relevant to building surveying, project management and facilities management pathways.
  • Freedom of Information Act 2000 — relevant for candidates who work with public authority clients.

Ethics and Rules of Conduct angle

Data management is fundamentally an ethical matter as well as a legal one. The Respect rule requires members to treat the data of clients, colleagues and third parties with care and discretion. The Responsibility rule requires members to ensure their firm has adequate systems and controls. Competence encompasses data literacy: the Data Management competency is not just about knowing the tools — it is about demonstrating the professional judgement and values that ensure data is handled in a way that is worthy of trust.

APC-style Q&As

Q (Level 1)What does the RICS Data Management competency require at Level 1?

At Level 1, the candidate must demonstrate knowledge of how data is collected, stored and used in their practice, the electronic systems and document management processes used by their firm, the legislative framework — principally UK GDPR and the Data Protection Act 2018 — and the professional obligations that arise, discussed with reference to real examples.

Q (Level 1)Name three categories of data commonly managed by a surveying firm.

First, client and contact data — names, email addresses, financial records — which is personal data subject to UK GDPR. Second, project data — drawings, cost plans, correspondence and reports — managed through document management systems or project extranets. Third, market intelligence data — comparable transactions, rental evidence and cost benchmarks — which may be personal or non-personal depending on whether it includes named parties.

Q (Level 2)How does your firm ensure that client personal data is handled in compliance with UK GDPR?

(example) Our data protection policy sets out the lawful basis for each processing category — client data is processed under contract and legitimate interests. Access to our practice management system is controlled by role-based permissions. We have a documented retention schedule, a secure disposal procedure, annual staff training, and a defined procedure for responding to data breaches including the 72-hour ICO notification obligation.

Q (Level 2)What is the significance of ISO 19650 for data management in the construction sector?

ISO 19650 is the international standard for information management using BIM. It defines the Common Data Environment concept, the workflow states through which information passes, and roles and responsibilities for information management. For surveyors on BIM-enabled projects, it provides the framework for how Exchange Information Requirements are set, how information is shared between disciplines, and how the as-built model is handed over to the client.

Q (Level 3)A new client asks your firm to take over management of a large commercial portfolio. As part of the handover you receive a data room containing extensive tenant personal data from the outgoing managing agent. What data management obligations do you need to address immediately?

Several obligations arise immediately. First, establish the lawful basis for processing — most likely legitimate interests and legal obligation. Second, ensure all transferred data is securely stored with appropriate access controls from day one. Third, check that the data is accurate and current. Fourth, inform tenants that their data is now held by the new agent. Fifth, identify any data outside the scope of the management appointment and return or delete it. I would document each step as part of the firm's accountability record.