How will GDPR influence the use of Facilities Management Software data?
The European General Data Protection Regulation (GDPR) has now arrived, which meant organisations were dashing to ensure they were compliant before the deadline.
So with that said even if the author of this post had legal expertise in this area (he doesn’t) it would not serve much purpose using this post to advise Facilities Managers on what to do about GDPR, but...
What I thought would be interesting to consider is what longer term consequences the decisions currently being made by organisations in order to be compliant. To do this it’s probably worth giving a quick, non-legal, summary of what the GDPR is all about. In essence it states that organisations:
- Should not keep personal information about individuals unless they have a reasonable reason for doing so
- Should not keep it any longer than they have reasonable cause to do so
- And that they should take measures to ensure that it is kept safe
Recently I’ve had conversations with numerous organisations in various sectors of industry where the topic of GDPR has come up. My, very non-scientific, appraisal is that most of them are taking the approach that the best course of action is to limit exposure by limiting the amount of data that they store and perhaps more importantly retain.
Now in terms of the legislation this makes perfect sense and I for one wouldn’t argue against, however these conversations brought to mind memories of other discussions I’ve had over the years. On at least two occasions that I can recall, we have been asked to delve into the depth of facilities management software to retrieve historical information regarding where staff were seated in the past. In particular the requirement was to identify historical adjacencies between staff and whilst we weren’t ever advised of the exact reason we were told it was to satisfy a legal requirement.
Fortunately our Excitech FM facilities management software product retains records of historical staff moves as well as being able to retain regular archives of space and staff allocations. In both of these cases the clients were able to use the system to both report on and visualise historic staff seating arrangements.
I wonder now in the light of GDPR how many organisations will be destroying such historical information from their facilities management software, rather than risk having to justify its retention? Whether this is the correct decision or not, it may only come to light many years down the line and the ramifications may never be fully realised.