Construction Works – Privacy By Design

The Data Protection Act, both as it was in 1998 and as replaced by the DPA 2018 (in line with the EU’s GDPR), includes a requirement that comes under the headline of ‘Privacy By Design’.

Architects working on design schemes should also be aware of this requirement. (See item 9 here: RIBA legal team - https://www.architecture.com/knowledge-and-resources/knowledge-landing-page/changes-on-the-horizon-for-data-protection-legislation )

Outline Requirements

From a GDPR perspective, this means that within a construction project, the occupiers/client need to identify which of their activities may generate qualifying (read: personal, private, confidential, sensitive) data, or may require the storing of it.

This needs to be considered during the design and build process to ensure security / access arrangements match the occupier’s requirements.

This could be things such as:

• Private spaces for discussing confidential matters / interviewing people etc.

• Use of computers that might display confidential material

• Storage of confidential documents (patient / research records) etc.

• Access control systems where required, to restrict entry to spaces

Since 2018, our first projects to go through the design process from the ground up are now subject to this assessment.

All of the above relates largely to the activities that will be undertaken by the occupiers, and it is they who will need to take a lead on providing the context of use and what they will be processing.

What does this mean?

It is largely the responsibility of the user to define what they will be doing and how they will operate in the building.

The occupier will need to undertake the necessary GDPR assessments and evaluations, complete data registers and report to the University’s Information Governance Office (IGO).

The E&F Design team will need to ensure and evidence that any physical data security measures have been included in any final design of the building.

Next Steps

    • The Head of Estates support will notify the University’s IGO that a project is in design
    • Project Managers and Client Representatives need to provide project / stakeholder / client information
    • The IGO will then request any further information that they feel is required and/or advise on any special considerations with the client

Required Information

In the first instance you need to send the following to the Head of Estates Support:

• Name of Project

• Project Number

• Name/email address/job title of Business Owner/Client Lead/Project Sponsor

• Faculty/School/Directorate of Client

• Outline of whether personal data is going to be processed / stored on site

• What kind of personal data (if known)?

Early discussions are always encouraged – please just contact the Head of Estates Support:

Jon Ashley

Head of Estates Support

Directorate of Estates & Facilities

Room 3.009 Beyer Building

0161 306 4962

Jon.ashley@manchester.ac.uk