UK & Ireland Featured Project: FT Pipeline Systems - Integrated Management System (1254)

QEM Solutions used their understanding of the water industry to develop a management system that satisfied the requirements of ISO 9001:2008, ISO 14001:2004 and OHSAS 18001:2007. QEM Solutions continue to manage and improve the organisations processes both on a corporate and project specific level.

Tell Me More...
Overseas Featured Project: Capita Symonds - Valve Inspections

QEM Solutions were contracted to carry 3rd party inspection and witnessing activities on a series of valves fabricated in Germany for a series of SGN contracts throughout Scotland.

Tell Me More...
We are QEM Solutions We are QEM Solutions

We are problem solvers. We are organisers. From the project start-up to the very final evaluations and analysis, we can bring enthusiasm to each and every part of your project.

 

News Spotlight COP26 – Our part in a UK Net Zero future

As world leaders turn for home after the opening days of COP26, leaving their teams to thrash out the difficult details, climate change is at the front of everyone’s minds. The terms ‘carbon’, ‘fossil fuels’ and even ‘beef’ have almost become dirty words. However, we’ve been quietly working towards the UK’s net zero aims for quite some time. Here’s how.

Read more...

News

Back to News
27 Apr 2018

GDPR: Don’t let the deadline pass you by

“I love deadlines. I love the whooshing noise they make as they go by.” 

So said the late Douglas Adams, who was notoriously bad at hitting them. Stephen Fry once described that the only way to get his friend writing was to sit in the author’s front room with his editor – usually crying in despair of her schedule – as Adams would hand-type one A4 sheet at a time and hand it over. We can laugh about it now, but we shouldn’t emulate the acclaimed author’s procrastination. Especially when it comes to the GDPR.

 

How many sleeps?

The GDPR – or General Data Protection Regulation – comes into force on 25 May 2018, so if you’re watching the Royal Wedding without having tackled it yet, you might want to check your priorities. The new legislation is not unreasonable, nor overly complicated, but will require some legwork.

The GDPR is a positive change

The GDPR will ensure that – should a company lose data or have a security breach in this age of cyber-attack – that company can accurately know its extent and be confident that it had permission to hold that data in the first place. The GDPR addresses the challenges of the digital age, where documents are held both on paper and in countless media online.

Key points to consider

  • Significantly higher fines can be imposed on organisations failing to comply
  • There’s a broader definition of what constitutes ‘personally identifiable information’
  • The rules for consent become more stringent
  • Organisations now must respond more quickly to access requests
  • Data collection management and tracking must become much more transparent
  • Accountability: organisations must be able to document how they comply with the GDPR.  

Individuals have more rights

In addition, individuals will have many more rights with regards to information held about them. They have:

  • The right to be informed.
  • The right of access.
  • The right to erasure (The right to be forgotten). This is NEW
  • The right to rectification.
  • The right to restrict processing.
  • The right to data portability. This is NEW
  • The right to object.
  • Rights in relation to automated decision making and profiling.

The Subject Access Request is key

In addition, from 25 May 2018, every individual will have the right to submit a Subject Access Request (SAR) to any organisation, business, public body or charity to find out what information is held about them. That organisation then needs to respond, within one month, with full details of what information they hold, and – crucially – why they hold it.

Every organisation has a duty

Handling information appropriately has become a telling indicator of business, organisation, or charity’s quality, an indicator that’s increasingly valued by a cyber-aware public. But – perhaps yet more compelling – is that failure to comply with the GDPR results in fines of up to 4% of global turnover. And that’s not to mention the damage to reputation and loss of public confidence. Yikes.

Start simply

The starting point for every organisation will be identify and understand what personally identifiable information they have and where it is stored. Is it backed up? Has appropriate consent been obtained and recorded? For small organisations, checking on this may quickly reveal that they have little to worry about. For more complex ones, the task is greater, but far from unmanageable.

We can help

The good news is, we can get you up to speed with the requirements of the GDPR and either prepare you for 25 May, or work on compliance after that date. Talk to us about how we can help.

Find out more