As you may be aware, under the UK’s data protection legislation, organisations have a duty to ensure that there are robust processes in place in terms of how they collect, store, and process “personal data” and there are serious consequence if they fail to do so.
So, what is ‘Personal Data’? This is any information that relates to an identified living individual, in written or image form and includes:
- Name
- Address
- Birthday
- Marital status
- Telephone number
- E-mail address
- Physical characteristics (e.g., height, weight, hair colour)
‘Special Category/Sensitive Personal Data’ includes the following information about identified living individuals and this has greater legal protection:
- Race
- Ethnic background
- Political opinions
- Religious beliefs
- Trade union membership
- Genetic data
- Biometrics (where used for identification)
- Health
- Sex life or orientation
Or any combination of the above that you can use to identify someone.
In the UK protection of Personal Data is regulated by the Information Commissioner’s Office (ICO) and the relevant legislation is the Data Protection Act 2018 and UK GDPR.
The consequences of breaching the rules can result in companies being liable to fines of up to £17.5 million or 4% of global annual turnover (whichever is the greater) for the most serious offences. There will of course also be a great deal of negative publicity associated with a breach of the rules.
At Cemex we have developed a set of detailed processes to ensure we remain compliant. We also hold ISO 27001 certification for Information Security Management.
Some key things to remember:
- The legislation only covers “Personal Data” and does not include data relating to, for example, limited companies.
- Please ensure that if you receive a request from an individual (whether this is an employee, contractor or member of the public) enquiring about personal data held about that person by Cemex, that this is immediately sent to dataprotectionuk@cemex.com. There are strict timescales under the legislation for complying with such requests.
- If we are contacted by customers or suppliers about Cemex’s Data Protection compliance programme and information on measures in place to protect personal data, then please forward these to dataprotectionuk@cemex.com.
- Some customers and suppliers may insist that we enter into special agreements concerning our management of their personal data and please ensure that these are sent to the Legal Department for review. We have our own preferred agreements which should be used in such cases.
- Contact the Legal Department when negotiating contracts which involve the processing of Personal Data.
- Tell us about any new technology that is being developed in the UK and which involves the processing of Personal Data as we will need to carry out a Data Privacy Impact Assessment ahead of implementation. We conducted data privacy impacts on CEMEX Go and icollect ahead of these being rolled out. A Data Privacy Impact Assessment is also required when installing new or altering existing CCTV systems so please also contact us before doing this.
- Do not store Personal Data on the hard drive of your Cemex computer and instead ensure this is kept securely on the Cemex network.
- In the event that your Cemex mobile phone or laptop is stolen then please report this to Simon Whitfield (Process and IT Manager) and Colin Jones (Security Manager) and advise dataprotectionuk@cemex.com so that we can make an analysis in relation to the loss of any personal data contained on the device.
- Ensure that any Personal Data retained on Cemex systems is accurate, relevant, and not excessive. All information must be held in accordance with the Cemex Information Retention Policy.
Vish Puri is the Cemex UK Data Protection Officer and if you have any questions, please do contact him or the Legal Team.
Relevant contacts:
Vish Puri (Legal Director and UK Data Protection Officer), vishal.puri@cemex.com
Laurence Sheppard (Consultant Commercial Solicitor), laurence.sheppardl@ext.cemex.com
Alice Powell (Paralegal), alice.powell@cemex.com