Theresa works for a precision manufacturing company. Customer data relates to large corporates and multinational companies. The company’s employees present the biggest dataset of personal data with standard HR practices, timekeeping systems, Health & Safety training and monitoring systems. Detailed records of the manufacturing process are required to identify who was involved at each stage of the process for quality assurance and traceability. This includes using CCTV inside the works. CCTV also helps to maintain the strict controls over access to laboratories for Health & Safety purposes. Only those employees that have completed the relevant training are allowed access to the labs and CCTV is a useful tool for checking that the rules are being followed.
Advised by Theresa, the company decided that its use of CCTV and maintenance of strict timekeeping controls and traceability records constituted “monitoring on a large scale as part of its core business activities” requiring the appointment of a Data Protection Officer or DPO. Theresa is taking on the role but the company is keen to ensure that it is not completely reliant on one person as a GDPR specialist and Theresa is also keen to share the workload. The DPO Support Package is an ideal solution, Theresa can share the audit forms with colleagues to check on the compliance of CCTV, to ensure that Privacy Notices (especially around Monitoring) are complete and up to date and to record and report findings.
This week the Managing Director mentioned introducing geolocational tracking to the company’s delivery lorries to help keep track of where the goods are and predict arrival times for customers. This will supplement the tacographs in the cabs too, helping to demonstrate compliance with Health & Safety requirements. Best make a note to add that to the list of monitoring activity Theresa!