GDPR focuses on protecting the fundamental rights of data subjects, in particular their right to privacy. Compliance with GDPR allows:
The GDPR enforcement date was May 25, 2018, which means your operations are already expected to be in compliance. You will need processes in place to meet these 4 goals to protect your H&S department from violations and possible fines.
The GDPR defines "personal data" as any information relating to a natural person who can be identified, directly or indirectly, through an identifier such as a name, an identification number, location data, or a combination of factors specific to that person (genetic, physical, physiological, cultural, and so on). Health and safety managers working as data controllers under GDPR must have a systematic process to:
Lastly, clear and simple privacy notices must be provided to explain what data is collected and why. GDPR governs data collected from and about an individual: the basis on which consent is obtained, how and where the data is stored, what it contains, who owns it, which data may be collected (and under what circumstances), who may or should have access to it, and who is currently accessing it.
Action items for Health & Safety:
The scope of GDPR depends on where the organization and the individuals are. Organizations established in the EU are subject to GDPR regardless of where the processing takes place. Non-EU organizations are subject to GDPR when they process the personal data of individuals who are in the European Union, whether or not those individuals are EU citizens, for example by offering them goods or services or by monitoring their behaviour. The data of deceased persons is not protected under GDPR. The table below shows other instances where you may be subject to GDPR:
GDPR demands a higher level of protection for certain personal information. This special category data includes:
Health & Safety departments will likely not collect all of the data mentioned, but some of these categories, such as trade union membership and health data, could well be processed by your operations. Any processing of personal data must rest on a lawful basis (Article 6 of the GDPR). Any company that needs to process the special category data above must also satisfy one of the conditions set out in Article 9 of the GDPR.
Personal data relating to criminal convictions and offences is also sensitive and is handled separately under the protections outlined in Article 10. If special category data is collected, stored, processed, or transmitted, data controllers must put additional safeguards in place to ensure that the information is appropriately protected.
Action Items for Health & Safety:
GDPR aims to reduce personal data breaches, fraud, identity theft, misappropriation of data, and blackmail of individuals. Many of the larger data breaches of the past year stem from a user having access to files they should never have been able to see in the first place. Responsibility for preventing this lies with the data controller, who determines what data is to be collected and how it is to be processed. A data processor processes personal data on behalf of, and on the instructions of, the controller.
For many EH&S departments, the Health & Safety team becomes the group responsible within the organization for processing personal data, with the H&S Manager acting in the role of data controller. This represents a significant shift in the role of H&S specialists within the manufacturing industry.
For full GDPR compliance, all data processors are required to:
Non-compliance with GDPR can lead to data breaches that harm the privacy of individuals, and to substantial penalties. The consequences range from warnings, reprimands, corrective orders, and smaller fines up to the maximum administrative fine of 4% of annual global turnover or 20 million euros, whichever is greater.
The key to GDPR compliance is having a plan in place to handle and secure employee, client, and supplier data. While this might sound like a large endeavor, there are a few straightforward action items your H&S department can work on today that will move you closer to full GDPR compliance. ERA's Health & Safety expert, Dr. Ehsan Maghsoudi, outlines the strategy for your Health & Safety team in a free webinar. Here is a sample of what he will cover:
Getting access to the free webinar is simple and fast. If you’re ready to learn more about GDPR and its vital role in Health & Safety compliance, click the button below.
This Blog Was Co-Authored By: