Do BIID Members need to worry about GDPR?

In short - yes! GDPR will affect any business, including interior designers and industry partners, that collects, processes or stores personal data. That data could be a list of customers' names and addresses in a physical address book or a list of 4,000 cloud-based data subjects.

At the BIID, we are currently in the full throes of preparation for the new data protection regulation. GDPR comes into effect on 25th May 2018, replacing the 1998 Data Protection Act. We are very aware of the challenge many of our members face in getting ready for this significant change in the law, and so we have prepared a brief overview explaining the change along with some suggested resources.

What will GDPR affect?

GDPR covers individuals' personal data including, but not limited to, name, address, telephone number and email address. The processing of personal data in emails, briefs, recommendations and other activity is covered by GDPR and all of the regulation's requirements apply to it.

The principles of GDPR

The key principles of GDPR give an insight into the premise of the regulation and reflect the depth of information covered and the rights afforded to individuals moving forward. All personal data must be:

  1. processed lawfully, fairly and in a transparent manner in relation to individuals;
  2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
  3. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  4. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
  5. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. Personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
  6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

What should you do?

Take the time to learn about GDPR. Compliance sounds daunting, but by getting informed you will be best placed to deal with it. As you would expect from a professional body for interior designers, at the BIID we have immersed ourselves in all things GDPR, and we would like to remind our members to pay extra attention to two things in particular.

1. Individual Rights, including:

    • The right to be informed
    • The right of access
    • The right to rectification
    • The right to erasure
    • The right to restrict processing
    • The right to data portability
    • The right to object
    • Rights in relation to automated decision making and profiling.

2. Consent

    • Consent must be freely given; this means giving people genuine ongoing choice and control over how you use their data
    • Consent should be obvious and require a positive action to opt in
    • Consent requests must be prominent, unbundled from other terms and conditions, concise and easy to understand, and user-friendly
    • Consent must specifically cover the controller’s name, the purposes of the processing and the types of processing activity
    • Explicit consent must be expressly confirmed in words, rather than by any other positive action
    • There is no set time limit for consent. How long it lasts will depend on the context. You should review and refresh consent as appropriate.

Everything else you need to know can be found at:

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/

The Information Commissioner's Office (ICO) has also produced a number of excellent articles and resources created specifically for small organisations. We highly recommend the '12 steps to take now' guide and the myth-busting blogs as practical resources to set you on the right path.

https://ico.org.uk/global/contact-us/advice-service-for-small-organisations/

Another community that can provide support and advice is the DP Network:

https://www.dpnetwork.org.uk/

Disclaimer: The BIID is not a law firm and is not providing legal advice. It is the responsibility of our members to read the guidelines as set by the ICO and to interpret and apply them as they deem appropriate. The BIID accepts no responsibility for policies implemented by its members.