Rank: Forum user 
|
The new laws state I am unable to send my client my Engineer’s
competencies, does anyone else have this same issue? Is there a way I can get
around this? As some of my clients require to check competencies in order to
book the works and to write permits etc.
|
|
|
|
|
|
Rank: Super forum user 
|
Just get the persons written permission to allow you to send specific information out to clients if its an issue. Chris
|
|
|
|
|
|
Rank: Super forum user 
|
We are well into the DPA 2018 and yours is the first post I can recall on the forum on this topic. There will be hundreds in construction emailing copies of various plant and operator cards to clients so what is it in the legal text you perceive prevents transmission?
DPA does not apply to the lawful execution of a contract. If that contract necessitates proof of competence for completion DPA is not a block.
|
 4 users thanked Roundtuit for this useful post.
|
|
|
|
Rank: Super forum user
|
We are well into the DPA 2018 and yours is the first post I can recall on the forum on this topic. There will be hundreds in construction emailing copies of various plant and operator cards to clients so what is it in the legal text you perceive prevents transmission?
DPA does not apply to the lawful execution of a contract. If that contract necessitates proof of competence for completion DPA is not a block.
|
4 users thanked Roundtuit for this useful post.
|
|
|
|
Rank: Super forum user
|
Dennis,
Ask your client for a copy of their GDPR Consent Form, complete it and return it with your certs.
John
|
|
|
|
|
|
Rank: Super forum user
|
How does a clients GDPR form relate to the suppliers employee data?
What you need is their policy on handling and processing third party information. The purposes "of data" are the legal responsibility of the employer under the Data Protection Act.
|
2 users thanked Roundtuit for this useful post.
|
|
|
|
Rank: Super forum user
|
How does a clients GDPR form relate to the suppliers employee data?
What you need is their policy on handling and processing third party information. The purposes "of data" are the legal responsibility of the employer under the Data Protection Act.
|
2 users thanked Roundtuit for this useful post.
|
|
|
|
Rank: Super forum user
|
GDPR is a general requirement, so a business must control the storage and use of data of employees, contractors and customers. My clients hold copies of my CV, NEBOSH certs, IOSH card etc and have a duty to handle that data according to the GDPR and I give them my consent to keep only electronic copies of that data, no print-outs or sharing of that data. Edited by user 18 February 2020 08:37:40(UTC)
| Reason: typo
|
|
|
|
|
|
Rank: Forum user
|
Thanks for the information
|
|
|
|
|
|
Rank: Super forum user
|
Denis as chris says get the permission from the trainee to send that information on ...you may want to add it to any assessment so that the trainee signs to agree to send a copy or that it is therer responsibility to provide a copy to thier employer...in the case of the regulation you are the data controller and must ensure that any information handed over has a signature granting that right and evidence to show the handover/ consent chain...
|
|
|
|
|
|
Rank: Super forum user
|
Originally Posted by: JohnW  My clients hold copies of .... and I give them my consent ......
A situation that would work well for a single consultant or sole trader.
When you look at the contractor and a large pool of potential signatories, many unlikely to be anywhere near the office, you have created an unecessary bureacracy. Here consent should be given to the employer by the employee and it is the employers duty to validate 3rd party policy before passing over employee information.
|
2 users thanked Roundtuit for this useful post.
|
|
|
|
Rank: Super forum user
|
Originally Posted by: JohnW My clients hold copies of .... and I give them my consent ......
A situation that would work well for a single consultant or sole trader.
When you look at the contractor and a large pool of potential signatories, many unlikely to be anywhere near the office, you have created an unecessary bureacracy. Here consent should be given to the employer by the employee and it is the employers duty to validate 3rd party policy before passing over employee information.
|
2 users thanked Roundtuit for this useful post.
|
|
|
|
Rank: Super forum user 
|
The new law does not state that you can't send your client details of your employee's competencies it says you can't send them SENSITIVE PERSONAL data - there is a big difference. Read the guidance.
https://www.gov.uk/government/publications/guide-to-the-general-data-protection-regulation
It's very self explanatory there is no reason why you can't send the certificates through so long as the data does not come into the class of sensitive.
|
|
|
|
|
|
Rank: Super forum user
|
Originally Posted by: Hsquared14 .....no reason why you can't send the certificates through so long as the data does not come into the class of sensitive.
I consider qualifiation certificates as 'vulnerable' data, i.e. data which could be used by fraudsters, impersonators, so I would still want the client to give assurance (via a consent form and data policy) that the data is held securely and access/processing is limited.
John
|
|
|
|
|
|
Rank: Super forum user
|
Data Protection laws are about the responsibility of businesses (and others) to manage other people’s personal data. It does not relate to your data about yourself. That is yours and you can voluntary send it to any one you like. You can print a copy of your CV on a T-shirt and parade it up and down the street for all to see. You data is your’s.
|
|
|
|
|
|
Rank: Forum user
|
Originally Posted by: Hsquared14 The new law does not state that you can't send your client details of your employee's competencies it says you can't send them SENSITIVE PERSONAL data - there is a big difference. Read the guidance.
https://www.gov.uk/government/publications/guide-to-the-general-data-protection-regulation
It's very self explanatory there is no reason why you can't send the certificates through so long as the data does not come into the class of sensitive.
But surely the information thats on the competency card could be classed as sensitive as you are getting the name, sex, photo and sometime the DOB, this information could be used by fraudsters
|
|
|
|
|
|
Rank: Forum user
|
Originally Posted by: A Kurdziel Data Protection laws are about the responsibility of businesses (and others) to manage other people’s personal data. It does not relate to your data about yourself. That is yours and you can voluntary send it to any one you like. You can print a copy of your CV on a T-shirt and parade it up and down the street for all to see. You data is your’s. Thank you for your comment, i am mainly asking about sending my Engineers data to my clients
|
|
|
|
|
|
Rank: Super forum user
|
“But surely the information that’s on the competency card could be classed as sensitive as you are getting the name, sex, photo and sometime the DOB, this information could be used by fraudsters” Protecting a person identity is not what Data Protection is about. The laws are intended to stop people misusing data that they hold on you for nefarious purposes including putting you onto black lists, giving you wrong credit scores, accusing you of being a criminal etc.
|
|
|
|
|
|
Rank: Super forum user
|
You review the clients policy and if it is satisfactory:
You password protect the file - in this case the competency certificate. This is sent to the client. You then separately send the password so they can view the file. The emails (or covering letter should you wish to send them by media - CD, USB or SD Card) become your record of how you handled the sensitive data.
|
|
|
|
|
|
Rank: Super forum user
|
You review the clients policy and if it is satisfactory:
You password protect the file - in this case the competency certificate. This is sent to the client. You then separately send the password so they can view the file. The emails (or covering letter should you wish to send them by media - CD, USB or SD Card) become your record of how you handled the sensitive data.
|
|
|
|
|
|
Rank: Super forum user
|
Originally Posted by: A Kurdziel Protecting a person identity is not what Data Protection is about. The laws are intended to stop people misusing data that they hold on you for nefarious purposes including putting you onto black lists, giving you wrong credit scores, accusing you of being a criminal etc.
No. If you check the ICO guidance they define 'personal data' and 'sensitive data' etc. First on their list is 'personal data', they say: What information does the GDPR apply to?
Personal data
The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who
can be directly or indirectly identified in particular by reference to an identifier.
So applies to address, driving licence no., CV, certificates etc
John
|
|
|
|
|
|
Rank: Super forum user
|
Originally Posted by: dennispollard Originally Posted by: Hsquared14 The new law does not state that you can't send your client details of your employee's competencies it says you can't send them SENSITIVE PERSONAL data - there is a big difference. Read the guidance.
https://www.gov.uk/government/publications/guide-to-the-general-data-protection-regulation
It's very self explanatory there is no reason why you can't send the certificates through so long as the data does not come into the class of sensitive.
But surely the information thats on the competency card could be classed as sensitive as you are getting the name, sex, photo and sometime the DOB, this information could be used by fraudsters
No it isn't - the nature of sensitive information is clearly defined in the guidance to the GDPR and you need to read it not make guesses about what the act applies to and what constitutes sensitive data as defined in the Act.
|
|
|
|
|
|
Rank: Super forum user
|
Originally Posted by: Hsquared14 Originally Posted by: dennispollard Originally Posted by: Hsquared14 The new law does not state that you can't send your client details of your employee's competencies it says you can't send them SENSITIVE PERSONAL data - there is a big difference. Read the guidance. https://www.gov.uk/gover...ta-protection-regulationIt's very self explanatory there is no reason why you can't send the certificates through so long as the data does not come into the class of sensitive. But surely the information thats on the competency card could be classed as sensitive as you are getting the name, sex, photo and sometime the DOB, this information could be used by fraudsters No it isn't - the nature of sensitive information is clearly defined in the guidance to the GDPR and you need to read it not make guesses about what the act applies to and what constitutes sensitive data as defined in the Act. As I said earlier, the ICO guidance defines 'personal data' and 'sensitive data' etc. BOTH have to be controlled/processed appropriately. In their definitions, first on their list is 'personal data', they say: What information does the GDPR apply to? Personal data The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. So GDPR applies to address, driving licence no., CV, certificates etc John Edited by user 19 February 2020 13:33:42(UTC)
| Reason: Typo
|
|
|
|
|
|
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.