GDPR – are you ready for May 2018?

GDPR comes into effect for all EU countries

GDPR – the new old buzz word for the construction industry  

GDPR is the new old buzz word for the construction industry after the myriad of hashtags on Carillion. And while the topic of GDPR has been around for many months now, a lot of the businesses in the construction industry are not yet clear on the impact that the new rules will have on their operations. At the same time, the deadline is looming – the General Data Protection Regulation comes into effect on 25 May 2018.

What does GDPR even mean?

The General Data Protection Regulation (GDPR) is an EU regulation designed to replace the Data Protection Directive 95/46/EC, to enhance all EU citizens' data privacy and to direct the way organisations across Europe approach, process and store data.

Does GDPR apply to construction?

How data is stored and transmitted has been a growing concern over time, with cyber crime and data breaches becoming an everyday threat. While construction is not as heavily customer-facing as many other industries are, the new rules still affect it. We do handle a lot of personal data related to contractors, subcontractors, suppliers, etc. Depending on the site specifics, personal data could even be recorded through access cards, smart systems and CCTV, and could include data as sensitive as payment details and health issues.

Are you ready to embrace the changes?

Many of the core principles of GDPR are already a part of the current DPA, which provides a good basis for businesses that have already adopted it. GDPR is coming into effect on 25 May 2018 for all EU member countries. But bear in mind that even with the heated discussions around Brexit, the UK will not be excluded from this list. With the new Data Protection Bill working its way through Parliament, GDPR will be adopted in UK law for post-Brexit legislation.

 

The new regulation will probably be adopted post-Brexit too.

 

To comply with the GDPR restrictions, personal data needs to be:

  • processed lawfully, fairly and in a transparent manner
  • collected for specific, explicit and legitimate purposes (and not used for anything else)
  • adequate, relevant and limited to what is necessary
  • accurate – every reasonable step must be taken to rectify inaccurate data without delay
  • kept in a form that permits identification for no longer than is necessary, and
  • kept secure

 

What if you are not GDPR compliant?

To protect the personal data of EU residents, GDPR applies strict compliance rules and introduces penalties for non-compliance. The penalty could be 4% of the global annual turnover or £20m (whichever is higher). This is a few times higher than the current penalty of £500,000 under the DPA.

What do businesses need to do prior to the deadline?

It is advisable to carry out a comprehensive review of the current standard procedures on data protection and where these stand in relation to GDPR. It is recommended that organisations think about data minimisation and request only the information they really need, hence keeping the risk of a breach low.

The more efficient way of handling the transition is to consider a single-platform solution that can optimise your business management processes and is already GDPR compliant. Using solutions such as 4PS Construct, based on Microsoft Dynamics NAV 2018, businesses can be assured that they will be compliant with the new regulations in the future.

Please get in touch if you’d like to discuss the benefits further.

 
