As you are probably aware as of Friday 25th May the General Data Protection Regulation (GDPR) comes into force. This applies to how EEBS stores and uses personal data and communicates with both the client, and the sub-contractors that we engage. We wanted to clarify the sub-contractors’ and clients’ positions with regards to storing and sharing information, taking into consideration the new legislation to ensure that all parties are compliant with the new regulations. EEBS has taken independent legal advice regarding this matter and that advice is as follows:

The changes introduced by the GDPR have the greatest impact on how businesses market their services to, and use the personal information of individual members of the public. The regulations that control how businesses market their services and communications with each other remain much as they were under the old data protection rules.

EEBS will therefore continue to send information to contractor clients that we think is informative or appropriate. With regard to how we communicate with our sub-contractors, given that one of the terms of the contract by which we engage sub-contractors specifically confirms that the signatory is supplying EEBS with a business service, the above conditions should also apply. For the avoidance of doubt, we are happy to confirm that we will never sell sub-contractors information to a third party, and EEBS will only share data with third parties after first seeking direct permission from the client or the sub-contractor. Given that we have a direct contractual relationship with both our clients and sub-contractors, specific additional confirmation that clients or sub-contractors are happy to receive our communications is unnecessary.

Sharing sub-contractor information between ourselves and clients

It is reasonable that, as sub-contractors are working directly with clients, sub-contractors’ information is shared by EEBS with our clients. During the process of EEBS engaging a sub-contractor it is usual for the sub-contractor to provide data to the client – therefore it is logical that this information is retained by the client for health and safety purposes, but the client must ensure that the data that is kept is only what is necessary and that there are processes in place to dispose of the information once it is no longer required.

You can read EEBS GDPR policy by clicking here.