All about the General Data Protection Regulation
Cleaning companies about GDPR: ‘We are going back to square one’
FacilityApps and Nocore, who have signed a partnership agreement to link, organized Friday afternoon February 16 an introductory afternoon on the General Data Protection Regulation (GDPR) for cleaning companies. One of the most important laws of our time, which has a major impact on cleaning companies. The law will take effect in the whole of Europe at the end of May 2018. This legislation, called the international General Data Protection Regulation (GDPR), offers citizens more protection against the improper use of their personal data. How? Among other things, by imposing stricter requirements on employers. Three speakers were invited with a lot of experience and affinity in the field of GDPR.
‘The GDPR does not give those involved much more rights, only under the Personal Data Protection Act we did not do so well’, Peter Karregat, GDPR consultant, begins. That is why the changes are big, he expects. Karregat has been invited as an expert to explain the law clearly. ‘The new law requires employers to demonstrate more explicitly regarding how they protect personal data. Otherwise, they risk high fines. “
Don’t mail, but view
For many cleaning companies, for example, it is customary for clients to issue a Declaration of Good Conduct at their request. Just scan and email – done. That was very normal up to now. The DGC is changing this. Karregat: ‘You can not just mail. It is better to invite clients if they want to view DGCs. Or, as a cleaning company, you can contractually state that everyone has an up-to-date DGC.’
Another example is that people will have to check the box ‘Do you want to receive our newsletter?’ consciously, rather than having it automatically checked. And does a client call to ask for the address of a colleague for a birthday card? Providing the address is not allowed.
Create a Register of Processing Activity
For many cleaning companies, this means a new policy. Karregat advises: write a privacy policy, include privacy in a code of conduct (what can and may employees do, and what not?), assign (if necessary) a data protection officer and make it demonstrable that you have been made aware. As in the Register of Processing Activities, which will soon be mandatory. This states which data you register from whom. But also with what purpose, how you protect them, to whom you pass them on / give insight to, and who is responsible.
Potential data leaks in facility, cleaning and buildings
Eric Kok, COO of FacilityApps, translates the law into the cleaning practice. He notes that object leaders can no longer take pictures of an ID certificate with their own phone and send it to HR via their private mail. “In this example alone there are already about five violations”, he says. ‘Because: how do you know that the object leader will remove these photos afterwards? And how does HR store the file? All of these things are potential data leaks.” According to Frank den Dungen, quality consultant at Nocore, who gave a presentation on behalf of Nocore about the quality management system (QMS) and GDPR, a data leak is often a consciousness error:” We can help with that.”
Cleaning companies: “Going back to square one”
Yet it was a bit of a shock for the many cleaning companies present. “We are going back to square one ‘, was noted. FacilityApps and Nocore customers do not have to worry too much. The two companies guarantee that their software is compliant. In addition, they guide their customers to the new GDPR. Although every cleaning company will eventually have to do it themselves.
Download presentations on GDPR for workforce management
Click on the links and you can indicate which presentation you would like to receive/download.
- Presentation GDPR Specialist Peter Karregat
- Presentation Eric Kok about GDPR in cleaning
- Presentation Frank van den Dungen (Nocore)
- Example template register processing activities
If you want to contact one of the gentleman above, please fill out our contact form. We are happy to answer questions about GDPR.
