GDPR in Construction
The construction industry is one of the most adaptable industries, for the last few decades the focus on the industry has intensified and the introduction of checks on equipment, people and work areas has improved safety across the industry.
GDPR, though not focused on construction has asked contractors to step up to the plate again. We don’t find it surprising that the question “What about GDPR” comes up in 99% of introduction meetings we carry out. Contractors have adapted very quickly to understand what areas of data are covered by GDPR and what they need to do.
During the build of SPUD we reviewed GDPR and the underpinning Data Protection Act 2018, we were able to review the law and adapt the build accordingly.
So, what did we do?
We reviewed all information that would be added to SPUD by our customers, our main focus was on the Labour Management Module as this is where the data for employees would be entered for use by the company. We noticed that most of the data covered like the personal address, National Insurance number, bank details, identification documents would all be needed by the wages department and would not be required throughout the rest of the company. We set up access for an employee to populate their personal information and then restricted view on this information to all other users by adding a GDPR switch.
When we set up a new customer we find out who is responsible for wages in the company and arrange a training session for them, during this training session we turn on the GDPR switch and train the user in use and issue of control to this area. This user is issued a password, when applying access to information to GDPR information to a user’s account this password must be used, a full audit trail shows all the users who have had access to this information and who set the access and when, the audit trail also shows if the password has every been changed.
We have managed the access but the customers still need to play their part.
We cannot take responsibility for removing the employee data, this needs to be managed by the customer, to that end we have enabled the customer to delete the users data so they can be fully compliant when an employee asks for their information to be removed.
Concrete and bricks can be the corner stone of any project but a construction company is fuelled by data, come and speak to us about how we’ve managed data and access throughout the rest of the business, we think you’ll be impressed.