THE RESIN FLOORING INDUSTRY NEEDS TO GET READY FOR GDPR
Most people are now aware that there are new regulations coming into force, concerning the way that organisations collect, hold and use personal data belonging to customers, staff and others that they might interact with.
What is not so well-known is that this is not just something that affects large companies. All businesses and individual traders who hold personal data need to make sure that they comply with the new regulations. What’s more, the date for doing so is fast approaching – the enforcement date is 25 May 2018.
The new rules were approved at a European level two years ago, 21 years after the original Data Protection Directive came into force. Since the 1990s the internet, online marketing and digital data storage have revolutionised this area. For these reasons and also due to a lack of consistency internationally, it is generally considered that the original regulations are no longer fit for purpose. Therefore the requirements are changing in all European countries.
The core principle of data protection legislation is that: “Data must be processed fairly for specified purposes, based on consent or other legitimate purposes laid down by law. Everyone has the right to access to data collected about them and the right to have any errors rectified”.
FeRFA is keen to communicate the key requirements of the new regulatory regime, so that member companies are equipped to make any necessary changes to the way they collect, handle and store customer and employee data.
One of the key requirements is that organisations can no longer make assumptions about how people want their data to be dealt with. For instance, pre-ticked opt-in boxes are not considered valid methods of consent. Individuals must now proactively state their agreement for their data to be held and used in particular ways. Consent for companies to handle an individual’s data must be freely given, based on an opt-in, and unbundled and separate from other conditions.
It is important to remember that this applies to employees, as well as customers. Companies should also ensure that internal data security is sufficient and that adequate training is provided for members of staff who handle employee and customer data. Under the legislation an employer is considered liable for the actions of its staff, and there have been instances of companies being prosecuted due to theft of personal data by an employee.
In communication with those on whom organisations hold data, valid forms of consent include: “I would like to receive emails about your products (Tick box)” or “I give my explicit consent to receiving emails about resin flooring products, and please send them to: (email address)”. Therefore resin flooring companies will be required to contact their customers and others on any mailing lists that they hold, in order to secure their active assent to hold and use their data.
The law builds in a number of further requirements, with which organisations will have to comply:
- Data retention should be transparent, including documentation of how it is held.
- The person whose data you are collecting should be informed of the reasons why you are collecting it.
- The data that is collected should be adequate, limited in scope and relevant.
- Information that is held should be accurate and up-to-date.
- It should not be retained longer than necessary.
- It should be held securely.
- The rights of those whose data is held should be protected – these rights include information, access, rectification and erasure.
Companies should consider whether they need to appoint a data protection officer within their organisations, although this is normally only required if processing of personal data is a “core activity” and carried out on a large scale. However, they do need to take steps to ensure that they comply, and they may need to demonstrate their compliance to the Information Commissioner’s Office (ICO). Companies which require further information on GDPR and what they have to do now will find that information on the ICO’s website at www.ico.org.uk. There are also details on the GDPR portal at www.eugdpr.org.
CHANGES TO STATUTORY PAYMENTS FROM 1ST APRIL 2018
From April 2018, there will be a rise in the statutory rates for maternity pay, paternity pay, shared parental pay, adoption pay and sick pay.
With effect from 1 April 2018 statutory maternity, adoption, paternity and shared parental pay will rise from £140.98 to £145.18, and the weekly rate for the first 6 weeks will be 90% of the employee’s average weekly earnings.
CSCS APPROVES SAFE2SITE ONLINE COURSE
CSCS is pleased to announce that the Safe2Site online course has been approved as the latest route to the green Labourer card.
Most people in construction are familiar with the Labourer card. It’s the card that was introduced to help site managers verify that people working in Labouring occupations have achieved the RQF Level 1 (Level 4 in Scotland) Award in Health and Safety in a Construction Environment or one of the approved alternative courses, which now includes Safe2Site.
ARE YOU READY FOR GENDER PAY REPORTING?
Gender Pay Reporting legislation will come into full effect from 4 April 2018.
The legislation requires large companies with more than 250 employees across all industries to publish their gender pay gap annually. The legislation aims to increase pay transparency by reporting the overall difference in hourly pay between men and women, and also looks at the bonus pay gap.
CATALYST FOR CHANGE – BUILD UK
The collapse of Carillion earlier this year, played out in front of us, shows the outcome when a major industry sector operates with a commercial model that is not fit for purpose. We have seen up close what happens when we have a combination of lowest price, inequitable transfer of contract risk, poor payment practices and inadequate governance.