The implementation of the General Data Protection Regulation (GDPR) established a strict set of regulatory standards governing the privacy and use of personal data by businesses in the European Union.
Construction companies process client, supplier, and employee data, so they will undoubtedly be affected by this sweeping legislation. Non-compliance can result in hefty fines, but as of now, the GDPR’s implications on global businesses are shrouded in mystery. In this article, our Jacksonville construction lawyers will examine GDPR’s affect on construction professionals in Europe, and how these regulations could affect the U.S. construction industry.
What is GDPR?
In essence, GDPR strengthens personal data protection by establishing new regulations that dictate how information like name, address, and contact details can be stored and shared by businesses. The goal is to eliminate privacy issues once and for all by instituting a firm, simplified rule set with steep financial consequences.
Seven Pillars of GDPR
GDPR aims to bolster the data protection rights of individuals by instituting seven pillars of protection:
- Consent: You must use clear language to request consent. Consent requires a positive action to be taken by the user; that means no pre-checked boxes. The process for withdrawing consent must be as simple as the process for giving consent.
- Right to be Forgotten: Individuals can contact an organization to have their data deleted from a system or amended for correctness.
- Right to Access: Any business that holds your personal data is responsible for providing copies of this information on request for no charge.
- Data Portability: Data can be obtained and reused across different services pending individual consent. Data should be stored orderly in a commonly used format like CSV.
- Privacy by Design: Data protection is the fundamental cornerstone of system and project design.
- Data Breach Notifications: Businesses must report any data breaches to the relevant agency within 72 hours if the data breach risks infringing on an individual’s rights and freedoms.
- Data protection officers (DPOs): Data protection officers must be assigned to businesses that process large swaths of data that fall into ‘special categories’.
GDPR in the United States
Although GDPR is being instituted by the EU, it will still affect U.S. businesses. We are all connected through the internet, which is where most of our data is stored. Your targeted marketing efforts may utilize personal data subject to GDPR. The World Wide Web connects us in ways that make avoiding GDPR’s extensive reach nearly impossible.
It’s too early to tell how GDPR’s implementation will affect the U.S. construction industry, but a Jacksonville construction lawyer can help you prepare for any changes to the laws regarding personal data collection on the horizon.
Disclaimer: The information contained in this article is for general educational information only. This information does not constitute legal advice, is not intended to constitute legal advice, nor should it be relied upon as legal advice for your specific factual pattern or situation.