GDPR

Post by stephen1974 »

I know this isn't really a health and safety issue but is anyone dealing with this? It's been dumped in my lap and honestly, it's simply too big for me to deal with just using the internet. The company won't spend money on any courses or outside help.

I read somewhere, and now I can't find where, that it doesn't apply to companies with less than 250 employees.
I've also read it depends on how much data you hold (in our case on customers) and it does apply if you have 'large amounts', 'large amounts' being a vague news term with absolutely zero definition.

There is tons of information out there, but it's all aimed at big business, not small business. It's also very bad at explaining relevance. Too much lawyer speak.

3 months to go and I don't want to waste time on this.

Re: GDPR

Post by Waterbaby »

:wave:

I have absolutely no idea but those who do might be able to help :?

I don't think this is a H&S function though

"The EU’s General Data Protection Regulation (GDPR) will apply from 25 May 2018, when it supersedes the UK Data Protection Act 1998"
...

"Brexit and the GDPR

UK organisations handling personal data will still need to comply with the GDPR, regardless of Brexit. The GDPR will come into force before the UK leaves the EU, and the government has confirmed that the Regulation will apply, a position that has been stated by the Information Commissioner’s Office (ICO)."

https://www.itgovernance.co.uk/data-pro ... regulation

https://www.eugdpr.org/gdpr-faqs.html


Article 30, last paragraph: http://eur-lex.europa.eu/legal-content/ ... 79&from=EN

"5. The obligations referred to in paragraphs 1 and 2 shall not apply to an enterprise or an organisation employing fewer than 250 persons unless the processing it carries out is likely to result in a risk to the rights and freedoms of data subjects, the processing is not occasional, or the processing includes special categories of data as referred to in Article 9(1) or personal data relating to criminal convictions and offences referred to in Article 10."

WB
#DrowningPrevention, #RespectTheWater

Re: GDPR

Post by Mrs P »

Stephen,

I haven't heard anything about an employee threshold.

Have you read the guidance issued by the ICO?

https://ico.org.uk/for-organisations/gu ... tion-gdpr/

Still a lot to wade through but at least it's straight from the horse's mouth, as it were.

Mrs P

Re: GDPR

Post by Waterbaby »

GDPR Customer Toolkit Guidance

"Guidance for CCS customers on the changes to CCS commercial agreements and the actions customers need to take on call-off contracts to comply with GDPR"

Published 13 April 2018
From: Crown Commercial Service

https://www.gov.uk/government/publicati ... t-guidance

WB

Re: GDPR

Post by Jack Kane »

I've been working on this quite a bit due to the data captured here on HSfB. It's a bit of a chunky project, but I'd rather that than any of our visitors feel uncomfortable about the data they give to HSfB just by being here. Now that I've been looking into it, there's quite a bit to think about. I'm going to publish how we comply with GDPR this week all being well.

I have read in more than one place that companies not complying or at least attempting to comply by the deadline will not be looked at favourably. It doesn't need to be perfect.

RoSPA Awards Ambassador and Mentor #RoSPAAwards #HSfB #Proud

There is no such thing as a "stupid" or "daft" health and safety question!

Re: GDPR

Post by grim72 »

Yup, I got the joyful task of looking at ours too; the more you read up on it, the more you realise just how much work is involved. The general consensus is that updating your website policies is the first step, as this is the only area clearly visible in the public domain. As ever when it comes to legal forms and compliance, nothing is ever as straightforward as you first hope lol.

From the perspective of companies that sell products online, it is hard to accept we will be wiping all of the valuable sales history data that we've built up over the years, unless customers re-submit their acceptance to opt-in to our holding their details etc.

But at least we have a good cleanse of our database and ensure we aren't emailing people that don't want to be emailed etc.

Feel free to have a look at our updated policy here which I think covers everything we need to: https://www.goodtogosafety.co.uk/Privacy-Policy in terms of the website.

I've had many an email request to update my subscription agreement in recent weeks and I suspect the volume of requests will only increase as we near the May deadline. It's amazing how many of them (including large corporate blue-chips) are not following the requirements of GDPR though and some saying that by not replying they'll see that as acceptance to stay in touch. I think a lot of companies will be in for a shock (depending how hard the legal firms decide to chase).
Grim72
Good to Go Safety - Providing you with a safer workplace

Before you criticize someone, you should walk a mile in his shoes. That way, when you criticize him, you're a mile away and you have his shoes

Re: GDPR

Post by Jack Kane »

grim72 wrote: Tue Apr 24, 2018 3:36 pm From the perspective of companies that sell products online, it is hard to accept we will be wiping all of the valuable sales history data that we've built up over the years
Not necessarily, Grim. From what I have understood, if you can demonstrate the data you hold has been processed under at least one of the 'lawful bases' then you can maintain that data for 'no longer than is necessary'. If it's necessary for you to maintain a contractual obligation, i.e. guarantees, maintenance contracts etc, then you can justify keeping the info. If you want to keep the data but you don't need the personally identifiable data, you can anonymise the data and keep it for your own analysis. This then gives you a legitimate interest to improve your business and services to your customers.

I think :lol:

Re: GDPR

Post by grim72 »

Thanks for that Jack, I might need to do some extra homework. Sounds good if we can keep the data in some format or other.

Re: GDPR

Post by bernicarey »

Yes, Jack's right on that one, there are plenty of 'legitimate' reasons to keep data.
For example, if someone passes you a business card with their details, they have given you implied consent to contact them. You don't hand out your details unless you expect to be contacted.
The ones who are really getting it wrong are all the online companies or services, including online supermarkets etc, who are simply sending out emails asking you to agree to continue receiving their daily/weekly advert email.
www.belvoirsafety.co.uk

Tomorrow - your reward for being safe today...
