GDPR (General Data Protection Regulation)
The General Data Protection Regulation (GDPR) came into force on May 25, 2018, and was designed to modernise laws that protect the personal information of individuals. It provides greater transparency over where personal data is saved and used.
We have determined that the following lawful bases are applicable for the processing of personal data:
The Information Commissioner's Office oversees the GDPR in the UK.
There are 6 legal bases for processing personal data (Consent, Legitimate Interest, Contract, Vital Interest, Legal Obligation, Public Interest). The full legal definitions of these can be seen on the ICO website. Data stored by Building Control Surveyors Ltd (BCS) for building control applications will fall under Contractual obligations (which includes additional requirements by the CICAIR to keep records for 15 years).
Building Control Surveyors Ltd (BCS) policy and implementation of GDPR
BCS has implemented a GDPR policy which includes staff training on GDPR covering the management and secure storage of information.
BCS has also undertaken a Risk Management & Governance ‘GDPR Health Check’.
Nine domain areas were assessed:
Governance, Awareness, Policies and Procedures, Data Subject Management, Third Parties, Risk Management, Security, Incident Management, and Compliance.
Following this, a nominated ‘Information Security Officer’ has been appointed to develop policy and a ‘Data Protection Officer’ to implement it.
Retrieval of information: a process has been implemented which requires written verification by the requestor before any personal information is released, in accordance with the Data Protection Act and the GDPR.
Breach of GDPR: In the event of a serious breach, BCS will inform the ICO within 72 hours (providing the name and contact details of the Data Protection Officer, a description of the likely consequences of the breach and a description of the measures proposed to deal with it). Where there is a high risk to the rights of any individual, both the ICO and the individual will be informed immediately.
Further information regarding BCS’s GDPR policy can be obtained by emailing stating your request for specific information and your association to a particular project.