The new General Data Protection Regulation (GDPR) comes into force on the 25th May 2018, replacing the 1995 Data Protection Directive and placing much more stringent requirements on organisations and individuals who handle personal data.
Data handled or processed within your health and safety management systems is likely to include “personal data” (e.g. names, job titles, home addresses and phone numbers) and “sensitive personal data” such as occupational health records, accident reports and witness statements.
GDPR extends the existing duties under the 1995 Data Protection Directive, broadening the scope, handing the consumer greater control over their own personal data, and imposing harsh penalties of up to 4% of global turnover on organisations that fail to comply.
One of the most significant differences between GDPR and the Data Protection Act (DPA) is consent. Under the DPA, data collection does not necessarily require an individual to give advance consent or opt in to an organisation holding and processing their data, whereas under GDPR individuals must be provided with clear privacy notices, allowing them to make an informed decision on whether they consent to their data being stored and used. This consent can then be withdrawn at any time.
Advice from the Information Commissioner (the Regulator for GDPR) is that all organisations should:
• Make themselves fully aware of the new regulations;
• Identify and document current data processes;
• Document what personal data and sensitive personal data is held;
• Define justifications for holding personal data;
• Assess and categorise the security risk level associated with personal data held;
• Identify where data is shared with 3rd party organisations;
• Demonstrate that they meet compliance requirements.
GDPR is a serious issue for all involved in health and safety management, but currently there is limited specific guidance to assist compliance. Pernix Safety Management can assist in meeting these needs. Our specialist Consultants and Associates are now fully versed in the anticipated requirements of GDPR and how these will apply to health and safety data in your organisation. Call us now to discuss how we can help you: 01733 33100 / 07597793626.
Pernix Safety Management - Director – Alan Hurst C.M.I.O.S.H
Registered Office – Peterborough, Cambs, PE3 6FB
Contact 01733 331300 / 07597 793 626 firstname.lastname@example.org