UK Construction Companies – are you prepared for GDPR in 2018?

Rob Corlett

Business Development

Construction has to be one of the most ‘collaboration-intensive’ industries in the UK. There is a constant requirement to exchange significant volumes of data internally and with a myriad of external project partners: architects; civil, mechanical and structural engineers; planning consultants; and project managers. How are you sending this information and sensitive data? Have you considered the security of your storage, communication and sharing platforms?

Not sure if this has crossed your radar yet, but there is new regulation coming into effect in May 2018 that could have big implications for your business. The General Data Protection Regulation (GDPR) is the European Union’s new legislation replacing UK data law and, irrespective of Brexit, all UK companies need to comply, particularly if they are involved in EU construction projects. How could this impact you?

There are many compliance issues. However, there are two significant issues to consider: how and where your data is located (‘at rest’) and how it’s distributed (‘in transit’). The majority of companies are currently looking at cloud storage options. Under GDPR your appointed DPO (Data Protection Officer) would need to ensure you have thoroughly investigated where this data is located and whether GDPR security protocol regulations are being met.

This also applies to your distribution platforms and how secure they are. A lot of companies may still be using services such as Dropbox, where data is housed in various US locations; with GDPR looming, Dropbox has opened a Frankfurt data centre. It has not been without security concerns, with reputedly 68 million account passwords leaked as recently as August 2016. WeTransfer has followed a similar path by opening a European data centre. However, have you asked your clients about their data storage protocol guidelines?

The large construction companies should by now be thoroughly informed and planning for GDPR. Many UK public and private sector organisations are requiring their data to be hosted in the UK, where we have some of the tightest data protection in the world and the most stringent storage security.

At Crugo, our communication and file sharing platforms have all been built to be fully GDPR compliant. All data is stored on our own ‘cloud’ servers in the UK, which are located in a Tier 4, ISO 27001 certified data centre. This security does not only apply to file sharing; our real-time communication platform is 256-bit encrypted with SHA-2 certification, unlike email, as the NHS recently found to their cost. Our communication and file sharing platforms are also fully integrated, so you can securely send an encrypted message and a file of up to 5GB to a client. And of course, this content is securely delivered by you, not a third party.

It’s worth taking a look. Ensuring that your and your client’s confidential data is securely stored, distributed and shared is fundamental. Under GDPR there could be nasty fines. However, it’s the reputational damage to your organisation that could really hurt long term. Conversely, it’s a positive message to your ‘collaboration team’ and project client if you have ensured their data is securely stored to GDPR and their own protocol standards, and that you have communication and content distribution platforms that will protect them.

If you would like to learn some more about Crugo, please visit Crugo or give us a call on 0800 0885084.