GDPR – an overview for contractors

The EU’s data protection law, designed to provide EU citizens with more control over the information companies hold about them, came into force in May 2018. There remains a lack of knowledge about what it is and who it affects and according to a Hiscox survey amongst SMEs, over a third (39%) do not know who GDPR affects. In addition, a further 10% of SMEs don’t think that consumers have any new rights following the introduction of GDPR. As the future of the construction sector lies in data, it’s extremely important for anyone in the industry to understand the legalities and impact of not complying. If you’re unsure what GDPR is and how it impacts on your company, you’ve come to the right place.

What is GDPR all about?

GDPR relates to how you gather and handle personal data. Personal data could be defined as every single piece of information that can lead to the identification of an individual, directly or indirectly, and includes:

1. Name and contact details.
2. Address.
3. Personal identification number.
4. Cookie strings.
5. IP address.

The construction industry uses a huge amount of personal data and sometimes without knowing. Construction companies and organisations accumulate data related to their suppliers, workers, clients and every other party that they collaborate with. From collecting data through construction site CCTV footage and access cards, to construction software, there are several ways that personal data can be gathered. Some sensitive data, such as information regarding a person’s origin or trade union membership, might be extremely important when someone is working onsite but it should be well protected by any type of breach or mishandling. The introduction of GDPR was to ensure a more secure and transparent management of collected data.

What you need to comply with

There are six main standards you should comply with:

1. Transparency and lawfulness – you must have a lawful, fair and transparent process when dealing with personal data.
2. Purpose – there must be a specific and legitimate reason behind the collection and the processing of the data. Essentially, this means you need to detail why you are gathering the data and what you are going to do with it.
3. Minimisation – You should collect the minimum possible amount of data that you need with regards to your purpose, and only keep the data that it is necessary.
4. Accuracy – Personal data should be precise and continuously updated. Data that is outdated should be reviewed or deleted.
5. Storage – as soon as the data is no longer necessary for your purpose, it should be deleted.
6. Confidentiality and integrity – data should be stored in a secure manner.

How to comply with the standards

It’s not too late to comply and there are some simple measures you can put in place:

• One of the main ways of complying with these standards is by having a data protection policy, which is reviewed and updated regularly, and communicated well with staff.
• Consider what you have and where it is stored, what the risk to that data is and what you are doing about the risk. Clear and transparent processes is the key to success when we are talking about GDPR compliance.
• Ensure that staff know that compliance with the GDPR is everyone’s responsibility and encourage them to take an active role in ensuring compliance.
• Review and strengthen your security processes. For example, when members of staff leave, are there procedures to prevent them from logging on to office systems and gaining access to data.
• Run regular training for staff. Handling data is a skill and regular sessions to update staff should be ongoing.

Why it’s important

A GDPR breach can significantly damage your company’s reputation and financial state, with heavy fines imposed for non-compliance. This could lead many of your customers to change contractors and it could harm the long-term strategy of your firm.

How we can help

A GDPR policy is often requested at the PQQ stage and it is one of the pieces of information we collect and verify through SafePQQ. From working with over 30,000 contractors across the UK, we know that undertaking multiple PQQs can be a daunting prospect. Let us lighten your load.

Through SafePQQ you simply need to sign up and submit your details on our online contractor management system, once a year. This reduces the need to provide compliance information to various clients at different times to win new business – saving you time and money.

Through SafeContractor and SafePQQ, you can demonstrate to hundreds of the country’s biggest companies that you’re a good company to work with, and we will do everything we can to help get that message out there.

Call 0330 127 2465 to join our community of businesses who want to work and grow together, without compromising safety, sustainability, or ethics.