Take good care of your emails or risk huge fines
It seems like such a long time ago that we were all wondering how the General Data Protection Regulation (GDPR) would impact our businesses, and it’s easy to imagine that the problem has now gone away. Ignore it, though, and you could be making an expensive mistake.
Many of the fines are related to poor handling of customer data and these fines are often large. Take these companies for example:
- Marriott International – Fined £18.4 million for failing to keep customers’ personal data secure https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2020/10/ico-fines-marriott-international-inc-184million-for-failing-to-keep-customers-personal-data-secure/
- British Airways – Fined £20 million for data breach affecting 400,000 customers https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2020/10/ico-fines-british-airways-20m-for-data-breach-affecting-more-than-400-000-customers
Some are for unsolicited marketing. For instance:
- Pension House Exchange Ltd - Fined £45,000 for making 39,722 connected unsolicited calls for the purposes of direct marketing https://ico.org.uk/action-weve-taken/enforcement/pension-house-exchange-limited/
- Pownall Marketing Ltd – Fined £250,000 for using a public electronic communications service to make 365,369 unsolicited calls for direct marketing purposes https://ico.org.uk/action-weve-taken/enforcement/pownall-marketing-limited
Others are where staff have either disclosed personal information or tried to destroy data.
Interestingly, the Information Commissioner’s Office is pursuing the Metropolitan Police Service* for their failure to comply with subject access requests. These breaches are more common, and it is requests like these that can sometimes cripple a business.
What is a Subject Access Request?
Under GDPR, individuals have the right to access the data that companies hold about them and there are plenty of websites providing advice on this. Some offer example wording that can be used when making your request, for example:
In relation to emails, you may limit the search to emails between [NAMES] during the period [DATES]. However, in relation to [SUBJECT MATTER] please ask [NAMES] whether any of them is aware of others who are likely to have exchanged emails containing personal data relating to me. If so, please let me know who those others are and search the emails of anyone that any of them identifies as well as those individuals mentioned above.
The person making the request would typically be someone who applied for a job or an ex-employee, but it could be anyone that your business has communicated with. In either case, you normally have a month to comply**.
Finding those messages
Have a good read of the sample request above. It is not just asking for the messages that meet limited criteria; it is open to anyone in the business who might have exchanged emails containing that person’s personal data. You can’t just ask your staff to take a peek in their own email, as they may not be thorough, and what are you going to do if people are off sick, on holiday or have left the business? Just gaining access to the email accounts could be an issue too.
If your data is structured, it is easy
Our AEC email management software Excitech Mail is not promoted as a tool to solve GDPR matters. Indeed its main usage is in the day-to-day filing of messages so that staff can easily locate messages relating to projects, legal matters, clients, etc. It creates structure where previously there was chaos.
In this situation, it can be a lifesaver because you can use its fast search to find messages even when your search terms are vague. For example, let’s imagine that the individual had applied for a job and his/her mobile phone number had been passed to selected colleagues via email. Simply enter the phone number in the search tool and ALL instances of it, regardless of who sent or received it, are found in less than a second.
For the price of a couple of coffees per month, you not only have the peace of mind that a data request is not going to cause you to miss a heartbeat, but you also have all of your project emails filed with the projects and not scattered in personal inboxes. If at any point you want to see what correspondence has been had with a client, it’s all there instantly. More importantly, if there is a query or, worse still, a claim later on, you can once again get the full communication history in an instant.
For more information on our AEC email management software Excitech Mail and a free 30-day trial, click here.