27 Apr 2018

GDPR: Don’t let the deadline pass you by

“I love deadlines. I love the whooshing noise they make as they go by.” 

So said the late Douglas Adams, who was notoriously bad at hitting them. Stephen Fry once described how the only way to get his friend writing was to sit in the author’s front room with his editor – usually crying in despair over her schedule – as Adams would hand-type one A4 sheet at a time and hand it over. We can laugh about it now, but we shouldn’t emulate the acclaimed author’s procrastination. Especially when it comes to the GDPR.

How many sleeps?

The GDPR – or General Data Protection Regulation – comes into force on 25 May 2018, so if you’re watching the Royal Wedding without having tackled it yet, you might want to check your priorities. The new legislation is not unreasonable, nor overly complicated, but will require some legwork.

The GDPR is a positive change

The GDPR will ensure that – should a company lose data or have a security breach in this age of cyber-attack – that company can accurately know the extent of the loss and be confident that it had permission to hold that data in the first place. The GDPR addresses the challenges of the digital age, where documents are held both on paper and in countless media online.

Key points to consider

  • Significantly higher fines can be imposed on organisations failing to comply
  • There’s a broader definition of what constitutes ‘personally identifiable information’
  • The rules for consent become more stringent
  • Organisations now must respond more quickly to access requests
  • Data collection management and tracking must become much more transparent
  • Accountability: organisations must be able to document how they comply with the GDPR.  

Individuals have more rights

In addition, individuals will have many more rights with regards to information held about them. They have:

  • The right to be informed.
  • The right of access.
  • The right to erasure (The right to be forgotten). This is NEW
  • The right to rectification.
  • The right to restrict processing.
  • The right to data portability. This is NEW
  • The right to object.
  • Rights in relation to automated decision making and profiling.

The Subject Access Request is key

In addition, from 25 May 2018, every individual will have the right to submit a Subject Access Request (SAR) to any organisation, business, public body or charity to find out what information is held about them. That organisation then needs to respond, within one month, with full details of what information they hold, and – crucially – why they hold it.

Every organisation has a duty

Handling information appropriately has become a telling indicator of a business, organisation or charity’s quality, an indicator that’s increasingly valued by a cyber-aware public. But perhaps yet more compelling is that failure to comply with the GDPR results in fines of up to 4% of global turnover. And that’s not to mention the damage to reputation and loss of public confidence. Yikes.

Start simply

The starting point for every organisation will be to identify and understand what personally identifiable information they have and where it is stored. Is it backed up? Has appropriate consent been obtained and recorded? For small organisations, checking on this may quickly reveal that they have little to worry about. For more complex ones, the task is greater, but far from unmanageable.

We can help

The good news is, we can get you up to speed with the requirements of the GDPR and either prepare you for 25 May, or work on compliance after that date. Talk to us about how we can help.
