Understanding Your Responsibilities With Online Inductions and GDPR

At SeaRoc we take our legal responsibilities very seriously. We have taken a number of steps to ensure that all of our products, services and correspondence with customers and suppliers fall in line with the new, and stringent, GDPR. The GDPR transition has been tough for all, but we have conducted it through an effective and reliable process, and we encourage all of our clients to do the same with their own suppliers, in order to counteract potentially costly, disruptive and protracted legal actions.

Our software is geared towards making a large project more secure and effective, with everything from online inductions, through work permits,asset and personnel tracking and other processes, all through a single application that can be used to manage one or multiple projects. With many aspects of our service, especially providing access to online inductions to contractors and employees visiting a potentially hazardous site, or utilising specialist equipment and materials, we had to ensure that our processes comply with GDPR.

GDPR (the EU General Data Protection Regulation) came into effect on 25th May 2018, and is a significant change to the previous regulations related to data privacy and how companies process personal data. GDPR is intended to harmonise data privacy laws across Europe and applies to not only EU-based business and organisations, but also those registered outside of the EU but offer goods and services to EU citizens, or monitor the behaviour of EU data subjects. Any company that processes personal data within the EU – including storage - must adhere to GDPR, whether the data relates to employees, customers or suppliers.

Personal data can be defined as any information relating to a person that can be used to identify that person directly or indirectly. This includes a full name, address, email address, photo, bank details, medical information and other sensitive information that a company might hold. With the digital world changing at a fast pace, it was important that there was a large-scale and coordinated effort to regulate data processing and storage in order to give the individual greater control, and a say, in how data is being stored and to help prevent large-scale data theft.

There are significant penalties for companies failing to comply with the new GDPR, including a find of up to 4% of annual global turnover (or €20 million), €10 million or 2% of annual global turnover, whichever is the greater.

There is so much information that is required during a project we are involved with that we have developed core processes to deal with data privacy, storage and processing over the years. Client data protection has always been a key component of how we work as an organisation, and it is more than just compliance with the law. We believe it is best practice for all of our personnel and clients to understand that we are fully committed to the key data protection principles, which list as:

1. Lawful, fair, transparent
2. Purpose Limitation
3. Data Minimisation
4. Storage Limitation
5. Accuracy
6. Security
7. Accountability

GDPR has been created to ensure that personal data is only used for the intended purpose, and nothing else. For SeaRoc, this means that all offshore and onshore projects have collected data that is relevant to specific project points. So for instance, personnel working as contractors will be required to provide us with:

• Next of kin information
• Phone numbers
• Medical details

This information is crucial in the event of an accident on site, or where there is a requirement for fast and accurate support. This is important due to the type of projects that SeaRoc is involved with, with potential hazards a daily challenge.

We provide a wide range of functionality in our product to help our clients adhere to data protection principles. For example, at the conclusion of a project we provide the ability to delete large quantities of site-related data. We also have built-in features to respond to data subject rights, such as the right to erasure ‘the right to be forgotten’, and ‘Subject Access Request’. This also includes a transparency of the process, allowing for fast and simple access from client requests. In total, the processes must be transparent, effective, and unambiguous in order for quick confirmation that a request has been dealt with by an administrator. We believe that we have installed this level of detail and care within our system.

Our SitePlanner and SeaPlanner products have been hugely beneficial to our clients in helping to create a strong framework that offers flexibility and effective management of all aspects of a large project. Our clients are often dealing with multiple locations, assets, delicate equipment and large numbers of contractors of both a short-term and long-term nature. They allow our clients to track and record assets, manage locations, but also to deliver effective inductions and permit to work accreditations, all within a single, simple-to-use system. In terms of online inductions and the conditions of GDPR on all companies in every industry in the last year, it is important to understand where your company sits in terms of processes relating to data privacy, and how our services and online inductions can slot easily and securely within that framework.

For more information or to request a demonstration of the software, email us at info@searoc.com