The General Data Protection Regulation (GDPR), the EU’s new legislation that will replace UK Data Law, comes into force on 25th May 2018. This means that time is of the essence for many organisations to ensure that all data infrastructure, cloud storage, tech policies and procedures are ready to meet the new regulations.
Organisations in the construction industry, such as Skilled Labour Services, are dealing with different types of personal data on a daily basis. Therefore, we must ensure that we are ready for the imminent changes.
What is GDPR?
GDPR is an update of the current legislation that governs the way we deal with data protection. ‘Personal data’ is defined very broadly and essentially means any information relating to an identifiable person, including personal data about people in their work lives as well as their personal lives.
The GDPR also identifies ‘special categories of personal data’. This includes personal data relating to an individual’s health, religion or trade union membership, ethnicity, gender or biometric data which can be used to identify someone. If two or more pieces of data (for example, site access cards and CCTV footage) can be put together to identify an individual, they will be classed as personal data and will therefore be subject to the new regulation.
Tens of thousands of organisations around the world are facing a major upheaval in the way they process data, and at 261 pages long, the GDPR includes a lot of information that many don’t fully understand. Some important things to note when it comes to GDPR include:
> Even if the organisation that you work for is not in the EU, but you sell to or work with EU customers, you will still have to comply with the Regulation.
> For certain companies, it will be mandatory to appoint a Data Protection Officer.
> Data controllers will be required to conduct privacy impact assessments where privacy breach risks are high. If a breach is discovered, they will be required to report this within 72 hours.
> Data subjects have the ‘right to be forgotten’.
As an employee, think about what personal data you hold. How do you use it? Who is it shared with? Where is it accessed from or transferred to? To be compliant with GDPR you must be transparent about the personal data that is collected and your reasons for processing it.
How Will GDPR Affect the Construction Industry?
Those working in the construction industry may feel somewhat removed from data-heavy, consumer-facing sectors, but the importance of being compliant and the security threat are just as real, and the impact could be just as damaging. This is due to construction’s unique proximity to, and collaboration with, other businesses and sectors.
On typical construction projects, sensitive data is frequently exchanged with multiple immediate third-party project partners, such as architects, civil, mechanical and structural engineers, planning consultants and project managers.
Involvement in critical and sensitive infrastructure projects, for example, could make the construction sector a preferred target for security breaches as well as physical threats such as power failures and environmental hazards. However, by keeping sensitive data safe and adhering to GDPR procedures, it’s less likely that client, colleague and personal information will be compromised.
Involvement with key players in infrastructure of any nature could make those in the construction sector a target of cyber attack, not just for their own data but also as a gateway to their clients.
The WannaCry NHS cyber-attack earlier this year, and other data breaches that regularly hit the headlines, highlight the importance of keeping data secure to avoid the reputational damage that comes with a data breach.
Taking the Right Steps
As the construction industry faces a migration towards more digitalised, integrated and complex systems, the potential impact and risk to the data being held by companies are increasing.
At Skilled Labour Services, we are taking all necessary steps to ensure that GDPR procedures are in place by 25 May 2018. To find out more information on how we are preparing for the introduction of GDPR, you can contact us.