From May 25 next year, the EU General Data Protection Regulation (GDPR) will come into force across the whole of Europe. This includes the UK despite the Brexit vote.
Many companies within the facilities management sector employ a lot of low-paid, transient workers. This means you’re holding a lot of personal employee data for current and past employees. This data is subject to the restrictions in the GDPR. Failure to abide by the provisions of the GDPR could result in fines of up to 4% of annual global turnover or €20 million, whichever is the larger. This level of penalty will have an enormous impact on any business and could cause smaller businesses to fold.
Why all the fuss about Data Protection?
As computers came to be more widely used, more and more companies started to store data on computer disks in large databases. Storing data in this way made it easy to access, and easy to cross reference between databases. At the same time, it made it more open to unauthorised access and misuse.
To combat the possibility of misuse, an EU Directive was issued in 1995. The UK Data Protection Act 1998 was the UK legislation enacting that Directive, setting out the rules for the use and protection of data concerning individual, identifiable people.
The EU GDPR is set to replace the 1995 Directive from 2018 and is much stronger in terms of what is demanded of companies and the penalties for failure to follow these enhanced regulations.
The GDPR puts the rights of the individual at the forefront. Everyone has a right to know what information is being held about them and for what purpose that information is being held. They have the right to have the data amended where it is incorrect and the right to opt out of direct marketing.
However, the GDPR has a much wider remit than direct marketing. It applies to any data held about any individual. Where any specific individual is identifiable from the data held, it must be held securely, with proper processes and procedures in place to ensure it cannot be misused.
If you are involved in HR then you are holding employees’ personal data; if you’re involved in marketing then you are holding customer and, potentially, prospect data.
Is your data held safely? Can you prove you have permission to use the data you hold?
Can you afford to be complacent?
The next meeting of FMCentral, in Hemel Hempstead on 22nd March, will be addressing the impact of the EU General Data Protection Regulation on FM businesses, with suggestions for actions you need to take to ensure you will be legally compliant. If you manage any form of data for marketing purposes, or staffing needs, you can’t afford to miss this event. The event is free, and you can book your place by visiting www.fmcentral.co.uk.