Tim Belden has recently joined NMITE as Assistant Professor for Digital Engineering and is passionate about the application of digital technology to enhance engineering projects. On Data Privacy Day, Tim gives some insight into the General Data Protection Regulation (GDPR), and why new engineers may need to familiarise themselves with the policy.
The introduction of the General Data Protection Regulation, or GDPR, tailored by the Data Protection Act 2018, probably will not have escaped your notice. If it has and you own a business, or work for a business that records data, then you should certainly have a read of it. The regulations introduction brought with it a maximum fine for non-compliance of £17.5 million, or 4% of annual turnover - so it's worth knowing about.
As an engineer, regardless of your field of expertise, crunching data and making decisions based on this data, is usually a major part of the workload. The GDPR is focused on information stored on people, so if what you're working on collects data about materials, or for example, positions of inanimate objects, then the GDPR does not come in to play. Even so, it is worth reading through your obligations, as it is likely at some point they will apply in some aspect of your work.
Assume for a moment you have issued a tender for supply of equipment for your project. If any of the companies involved are sole traders and you hold data that allows the identification of a person, then GDPR almost certainly applies.
In terms of engineers writing programs, there needs to be an awareness of how any personal information captured will not only be held securely, but that access to that data is limited to only those who have a reason to view it. There should also be a mechanism to delete the data once the reason for holding the data has expired.
From just these two short examples, the ramifications of GDPR are hopefully clear. That is not to say we should in any way be disheartened. In the new world of big data there are many possibilities of improving business and research systems, as well as enhancing the customer experience. We all just need to be mindful though, of where this data can identify individuals and take the appropriate steps as outlined by the regulations.
A good starting point in familiarising yourself with the GDPR, is the UK government website.