Skip to main content


Hi, my name is
and I’d like to request a call-back on the following number




4 Devonshire Street


London, W1W 5DT


UK: +44 (0)20 3858 0604


[email protected]

North America



600 Third Avenue

New York



NY: +1 407 926 0260


[email protected]

From May 25 next year, the EU General Data Protection Regulation (GDPR) will come into force across the whole of Europe. This includes the UK despite the Brexit vote.

Many companies within the facilities management sector employ a lot of low-paid, transient workers. This means you’re holding a lot of personal employee data for current and past employees. This data is subject to the restrictions in the GDPR. Failure to abide by the provisions of the GDPR could result in fines of up to 4% of annual global turnover or €20 million, whichever is the larger. This level of penalty will have an enormous impact on any business and could cause smaller businesses to fold.

Why all the fuss about Data Protection?

As computers came to be more widely used, more and more companies started to store data on computer disks in large databases. Storing data in this way made it easy to access, and easy to cross reference between databases. At the same time, it made it more open to unauthorised access and misuse.

To combat the possibility of misuse, an EU Directive was issued in 1995. The UK Data Protection Act 1998 was the UK legislation enacting that Directive, setting out the rules for the use and protection of data concerning individual, identifiable people.

The EU GDPR is set to replace the 1995 Directive from 2018 and is much stronger in terms of what is demanded of companies and the penalties for failure to follow these enhanced regulations.

The GDPR puts the rights of the individual at the forefront. Everyone has a right to know what information is being held about them and for what purpose that information is being held. They have the right to have the data amended where it is incorrect and the right to opt out of direct marketing.

However, the GDPR has a much wider remit than Direct Marketing. It applies to any data held about any individual. And where any specific individual is identifiable from the data held, then it must be held securely with proper processes and procedures in place to ensure it cannot be misused.

If you are involved in HR then you are holding employees’ personal data; if you’re involved in marketing then you are holding customer and potentially, prospect data.

Is your data held safely? Can you prove you have permission to use the data you hold?

Can you afford to be complacent?

The next meeting of FMCentral, in Hemel Hempstead on 22nd March, will be addressing the impact of the EU General Data Protection Regulations on FM businesses with suggestions for actions you need to take to ensure you will be legally compliant. If you manage any form of data for marketing purposes, or staffing needs, you can’t afford to miss this event. The event is free, and you can book your place by visiting

This article first appeared in This Week in FMon 13 March 2017.


Our Services

See all
Asset & Condition Surveys
Asset, condition and facility assessment surveys
ELIAS & Data Analytics
Mobile data collection & life cycle solutions
Technical Services
Expert technical engineering solutions.
strategic asset management
Asset Management Consulting
ISO55000 & Business Focused Maintenance
compliance solutions
Compliance Solutions
Ensuring a compliant estate is critical for any property professional.
field technology
UAV's & 3DVR
Quickly and safely capture accurate data from hard to reach places.