Construction businesses should not assume that the newly adopted General Data Protection Regulation (GDPR) will not affect them. Even if you do not use construction tech and tools, you must still be cognizant of how you handle employee, customer, or supplier data. It is not uncommon for the personal data of these various parties to be exchanged between company stakeholders, and this information might be subject to GDPR scrutiny.
How is Data Recorded?
There’s a number of ways in which this type of data can be recorded. Personal project data can be collected through a construction site’s closed-circuit television (CCTV), employee access cards, construction software, wearable technology, and the smart systems of completed buildings. The GDPR protects users by giving them access to their information and the right to request the deletion of personal data in certain situations.
Lawful Basis for Processing Personal Data
Personal data can only be processed by a controller if there is a lawful basis to do so. Here are six guidelines to determine if there is a lawful basis to process someone’s data:
- Consent has been given for a specific purpose
- The data is necessary for a contract
- The data is necessary for legal compliance
- The data is necessary to protect the interests of the person for which data is being processed for
- The data is necessary to perform a task carried out in public interest
- The data is needed for a legitimate purpose
How to Avoid a Breach
Any company that fails to comply with GDPR regulation will be subject to the higher penalty of up to four percent of the company’s annual global turnover or 20 million Euros. When data processing is necessary, construction companies must be certain that they do the following:
- Process data lawfully, transparently, and fairly
- Collect only the minimum possible amount of data that your company needs to accomplish your objectives
- Keep only data that is required to be kept and delete data that is no longer needed
- Review or delete outdated or inaccurate data
- Always protect and store data securely
Disclaimer: The information contained in this article is for general educational information only. This information does not constitute legal advice, is not intended to constitute legal advice, nor should it be relied upon as legal advice for your specific factual pattern or situation.