Top Tips on GDPR and Health & Safety

Stephen Thompson is Managing Partner of Cardiff law firm Darwin Gray, which is also a CHC commercial member.


Most people involved in the social housing sector will by now, be familiar with the General Data Protection Regulation (GDPR) which became enshrined in the Data Protection Act 2018 on 25 May this year.


To help, Stephen has drawn up a useful overview of the relevance of the GDPR to health and safety professionals.


“As a starting point health and safety professionals should consider a data audit of the work that they do with a view to identifying the following:

• the legal basis that personal data is being processed


• current data processes and whether they are GDPR compliant


• what personal data is held, why and where


• training requirements


• an assessment of the security of data currently held, in particular sensitive personal data

In relation to sensitive personal data, the following issues should be investigated:

• what sensitive personal data is being collected and for what purposes?


• what security arrangements are in place in relation to the data being held?


• is personal data being transferred to or processed by third parties? If so, what arrangements are in place with those third parties regarding their compliance with data protection laws?


• how long is data held for and how is it destroyed when it is no longer needed?


• are the data subjects aware of the ways in which their data is being processed?


• what procedures are in place to deal with a data subject seeking to exercise their individual rights e.g. a subject access request

At Darwin Gray, we advise extensively on data protection issues and are always happy to provide further guidance where required.”


Find out more about becoming a commercial member here.