Written by Bassam Samman, PMP, PSP, EVP, GPM
The GDPR (General Data Protection Regulation), along with similar regulations that have come into force in the European Union, the United Kingdom and other countries across the world starting in 2018, will impact all companies that collect personal data of citizens. Those regulations will have a great impact on the construction industry, where a lot of data is collected, including data on individuals who are involved in delivering the project. This will include individuals representing the different entities involved in delivering the project, such as the project owner, project management consultant, supervision consultant, contractors, subcontractors and suppliers. This will get even more challenging with the emerging need to collect data on an individual's origin, natural characteristics or health condition as a result of the COVID-19 pandemic.
Unlike planning and scheduling tools, where labor resources data tends to be generic, Project Management Information Systems (PMIS) like PMWeb are configured to identify and capture the specific details of each individual or labor resource who will be either deployed on the project site or remotely involved. This covers the submit, review and approval workflow steps, which will be assigned to specific individuals, the on-site activities, which will be executed by specific resources, as well as resource requirements, the organization chart and timesheets, among others. The vast amounts of personal data captured and stored in PMWeb need to be protected in a way that complies with the GDPR requirements. This requires complying with the six main standards of GDPR: Transparency and Lawfulness, Purpose, Minimization, Accuracy, Storage, and Confidentiality and Integrity.
Transparency and Lawfulness
The PMWeb resource module will be used to capture those specific details for each individual, and permissions can be set to restrict access to the module. The project management team needs to establish a transparent process to document the roles and responsibilities for capturing the personal information of each individual or labor resource.
Purpose
The documented process also needs to identify the specific and legitimate reason behind the collection of the personal data. For PMWeb, this data will be needed when defining the project management processes workflow and capturing progress using the daily report module.
Minimization
Only the fields either available by default or added to the PMWeb resource module will be used to capture the individuals' data. The PMWeb administrator should only collect the minimum possible amount of data that is needed for managing the project management processes.
Accuracy
The assigned PMWeb administrator will be responsible for ensuring that the captured personal data for each individual is precise and continuously updated. Some of the fields in the PMWeb resource module could be defined as list fields to ensure that selection can only be done from a pre-defined list of values.
Storage
Unlike other PMIS solutions that are only available as SaaS, where the super administrator privileges are controlled by the software vendor, PMWeb offers a self-hosted option where the Client can host PMWeb on their own web servers or in third-party data centers such as Microsoft Azure Cloud and Amazon Web Services, among others. This means that the Client will be the only super administrator and will have the ultimate control over the captured and stored data. This will enable the Client to ensure that the securely stored data will be deleted as soon as the data is no longer necessary for the specified purposes as identified in the project management plan.
Confidentiality and Integrity
With the PMWeb self-hosted option, the Client can ensure that the data is stored in a secured manner within the borders of their own country. Clients who opt to host PMWeb in their data centers can run their own security assessment scan to ensure that all data security threats are identified, addressed and resolved. Having PMWeb self-hosted also gives the Client the option of making the project management information system available on a secured intranet platform when needed.