GDPR – What Do Health and Safety Managers Need To Know?

In May 2018, the new General Data Protection Regulation (GDPR) comes into force in the European Union. The regulation aims to provide a stronger and more coherent data protection framework and significantly increases both the legal duties around storing personal data and the penalties for getting it wrong.

All organisations, big or small, make extensive use of electronic and non-electronic data in running their business and interacting with others. Whilst this has transformed the way we operate, the use of personal data in this way inevitably brings associated threats.

The likely impact of GDPR has been compared to the introduction of the Health and Safety at Work Act in 1974 and the change that followed, leading to the regulatory regime in which we now operate.

Like health and safety, data and cyber security are now priority issues for businesses.

Like health and safety legislation, the GDPR legislation must not be ignored.

Why is it relevant to Health and Safety?

Whilst all business areas will be affected by the new regulation, Health and Safety is one area that will be significantly impacted.

Your health and safety department or system probably holds a wide range of personal data, some of which is deemed highly sensitive by the new regulation.

Employee or non-employee data such as names, job titles, home addresses and phone numbers must all be securely stored, and data such as occupational health records and witness statements must be guarded even more stringently.

How to manage Health and Safety data in line with GDPR

Along with understanding the new regulation, there are several steps that Health and Safety managers need to take in advance of the regulation coming into force:

  • Understand and document your current data processes and demonstrate they meet compliance requirements.
  • Document what personal data you hold.
  • Assess the security of data stored, personal data in particular.
  • Document where data is shared with third-party organisations.
  • Review and define justifications for holding personal data.
  • Categorise the risk level associated with personal data held.
  • Commit to data retention policies.

You need to ensure you treat GDPR seriously

Doing everything you need to do to ensure your health and safety department remains compliant will obviously prevent the risk of prosecution. It will also help you to achieve best practice and lead the way for your peers.

If you have a question or enquiry about GDPR, please call the team on 01452 502113 or complete our enquiry form.
