April 25, 2018

Act now or your construction business could face a hefty GDPR fine

The General Data Protection Regulation (GDPR) is just a few weeks away – and fines for non-compliance are alarmingly high, which is why all businesses, including those operating in the construction and engineering sectors, need to act now to ensure they are fully compliant ahead of 25 May 2018.

Matthew Johnson, an Associate Solicitor with Palmers, who specialises in Commercial Law, warned: “From this date, the Information Commissioner’s Office (ICO) will have the power to issue fines of up to four per cent of global turnover, or €20 million, whichever is higher, for non-compliant businesses that have serious data breaches.”

“The GDPR poses a number of challenges for businesses relating to the ways in which they collect, store and handle any personal data they hold.

“These changes apply regardless of whether that data belongs to clients, consumers, employees, suppliers or vendors.”

All businesses must be able to demonstrate how they meet the GDPR’s new ‘Six Principles’ when using personal data. The data must be:

  1. Processed lawfully, fairly and in a transparent manner
  2. Collected for a specific, explicit and legitimate purpose
  3. Adequate, relevant and limited to what is necessary
  4. Accurate and kept up to date
  5. Kept for no longer than is necessary
  6. Kept secure

Matthew added: “Ahead of the GDPR’s introduction, it is important that businesses review and record the data they hold, how they obtained it and what they use it for. On top of this, they will need to check how secure the data is, who has access to it and whether it has ever been transferred outside of the business.

“As a minimum, businesses need to contact clients and customers to tell them that they hold their data. These individuals should also be given access to a privacy notice.

“The rules governing the GDPR are complex and confusing. Falling foul of them can have drastic consequences for businesses of any size.”

If your business is not already fully prepared for GDPR, you should seek urgent advice on compliance, so contact our team now for affordable solutions, guidance and documents.