By Catriona Lingwood, Chief Executive of Constructing Excellence in the North East
General Data Protection Regulation (GDPR): we’ve known it was coming for so long, but that still didn’t stop the tidal wave of GDPR emails over the last 2 weeks. Email after email of people asking you to opt in, informing you of new policy updates, covering off everything they could possibly think of, most of which are probably unnecessary. But I get it: it is an important regulation change and it’s best to protect yourself in every way you can.
GDPR came into effect on 25 May and reformed our domestic law on how UK businesses collect and process personal data. The new regulation impacts everything from design models to supply chain databases. By now you should have done all the necessary research to make sure all the processes and policies in your company are complying with the new rules.
The industry uses a lot of personal data, which is normally part of a building project’s development. There are a number of ways in which the industry collects and records data: through construction site CCTV footage and access cards, wearable technology, and smart systems.
If you’re wondering whether you’re GDPR-compliant, Construction News has released a good checklist of essential considerations to make sure you’re adhering to the new regulations.
Lawful basis for processing data – Lawful, fair and transparent processing of personal data is required. Most lawful bases require that your processing is ‘necessary’. One of the main lawful bases for data processing is consent. Consent must now be given freely and specifically; we can no longer use silence or pre-ticked boxes as a form of consent … hence all the emails.
Review agreements with third parties – Businesses must now consider data protection and privacy at the design stages of a project and ensure data protection rights are protected throughout the process.
Awareness and training – Raising awareness among staff is one of the easiest ways to ensure your business is compliant. If everyone knows what’s expected of them, the new procedure can be effectively implemented throughout the workforce.
Data breaches – There’s now an obligation for all organisations to report certain types of data breaches. You need to make sure you have the right detection, investigation and internal reporting procedures in place. You must report the breach within 72 hours of becoming aware of it. Failure to report can result in a fine.
If you are still not convinced about the impact that GDPR will have on the way that you manage data, take a look at the consequences; they really aren’t messing around. The potential penalties for breaching GDPR are fines of 4% of global turnover or €20,000,000 (whichever is the greater), and those who are affected may also be able to bring a claim for compensation (and there is no fixed upper limit on what their level of compensation may be) – so they’re certainly breaches you can’t afford to be making!
For more information on Constructing Excellence in the North East, please contact chief executive, Catriona Lingwood, on 0191 500 7880 or email firstname.lastname@example.org.