Published on 10 October 2018

The advent of the EU’s General Data Protection Regulation (GDPR) has resulted in a spate of emails notifying you of policy changes, asking you to update your opt-in or subscription settings, etc.

However, many people may be surprised to discover that the GDPR is not just about online security and protecting information. The Regulation, which came into force in the European Union on 25 May 2017, superseding the previous European Data Act of 1988, applies to any personal data that can be used to identify a person, including name, ID, phone number, etc. The Regulation provides for sizable fines against companies in breach, and some of the first to suffer include tech giants Google, Facebook, Instagram, and WhatsApp, which are facing lawsuits for up to $9.3 billion in this connection.

Since an organization’s health and safety function deals with the personal information of employees, clients, contractors and even visitors, the GDPR has a significant impact on it. Any health and safety professional is likely to have dealt with some of the following areas, all likely to contain sensitive personal data:

  • Workplace accident or incident logs, potentially including witness statements
  • Health and safety training records
  • Risk evaluations, both quantitative and qualitative
  • Databases of personal accreditations
  • Workplace health assessments and pre-employment screening tests
  • Insurance claims for workplace accidents
  • Complaints or audits in the area of health or safety.

In the near future, occupational safety and health teams may need to make changes to adapt to the regulation as much of the personal data they handle will be subject to more restrictive controls because of its sensitive nature. Adapting to the regulation will probably require an approach ranging from company-wide HSE management systems to standards and policies governing safety, health, quality and environmental aspects of the workplace. Safety practitioners will have to liaise with quality staff to make sure that the requirements are built into the companies’ systems and activities.

[Image: GDPR safety professionals. Source: Unsplash | Author: Bernard Hermant]

Below is a checklist of steps that need to be taken with a view to adapting to the GDPR:

  • Perform a self-assessment by running through the checklists for data controllers and processors. This should give a broad picture of how well you comply with the new data protection legislation.
  • Examine your procedures to identify those that involve personal data or which result in personal data being shared with third parties.
  • Examine whether personal data is really necessary in those cases and consider any gaps in your policies. This will provide a foundation for a detailed examination of policies, and for changing forms and data flows if necessary.
  • Examine which staff members have access to specific document types. This can be noted within the procedure or in a separate log.
  • If your organization conducts regular corporate risk assessments, you should use the same approach for personal data protection risk (e.g. complaints by former employees over inappropriate use or sharing of personal data).
  • If data is stored in hard copy format, ascertain where it is stored and who has access to it.
  • Establish a data retention policy if you do not already have one, and make sure it figures prominently among your company’s policies.

As part of the process of complying with the regulation, it is likely that you will have to address most if not all of the points listed above. An ideal approach would be to ensure that any new procedures or policies developed in the future take account of data protection requirements. Responsibility for this lies mainly with health and safety managers and quality professionals.

Even companies that already have data governance measures in place may have to perform extra work to achieve a good level of compliance. Regardless, now is a good opportunity to develop policies and implement tools and applications so as to ensure that your organization is compliant from here on.

Written by Adel Lawson on 10 October 2018
