The GDPR (General Data Protection Regulation) as well as other similar regulations which came into force both in European Union, United Kingdom and other countries across the world which have started in 2018 will impact all companies that collects personal data of citizens. Those regulations will have a great impact on the construction industry where a lot of data, including data on individuals who are involved in delivering the project. This will include individuals representing the different entities involved in delivering the project like the project owner, project management consultant, supervision consultant, contractors, subcontractors and suppliers. This even will get more challenging with the emerging need to collect data on individual’s origin, natural characteristics or health condition as a result of the Covid-19 pandemic.
Unlike planning and scheduling tools where labor resources data tends to be generic, Project Management Information Systems (PMIS) like PMWeb are configured to identify and capture the specific details of each individual or labor resource will be either deployed on the project site or remotely involved. The submit, review and approval workflow steps will be assigned to specific individuals, on-site activities will be executed by specific resources, resource requirements, organization chart, timesheets among others. The vast amounts of personal data captured and stored in PMWeb need to be protected in a format that complies with the GDPR regulation requirements. Those will require complying with the six main standards of GDPR which are Transparency and Lawfulness, Purpose, Minimization, Accuracy, Storage and Confidentiality and Integrity.
Transparency and Lawfulness
PMWeb resource module will be used to capture those specific details for each individual for which permission can be set to restrict access for the module. The project management team needs to establish a transparent process to document the roles and responsibilities for capturing the personal information for each individual or labor resource.
The documented process needs also to identify the specific and legitimate reason behind the collection of the personal data. For PMWeb, this data will be needed when defining the project management processes workflow and capturing progress using the daily report module.
Only the fields either available by default or added to the PMWeb resource module will used to capture the individuals’ data. The PMWeb administrator should only collect the minimum possible amount of data that is needed for managing the project management processes.
The assigned PMWeb administrator will be responsible to ensure that the captured personal data for each individual is precise and continuously updated. Some if the fields in the PMWeb resource module could be defined as list fields to ensure that selection can be only done from pre-defined list of values.
Unlike other PMIS solutions that are only available as SaaS where the super administrator privileges are controlled by the software vendor, PMWeb offers the self-hosted option where the Client can host PMWeb on their own web-servers or any other third-party data centers like Microsoft Azure Cloud, Amazon Web Services among others. This means that the Client will be the only super administrator and will have the ultimate control on the captured and stored data. This will enable the Client to ensure that the secured stored data will be deleted as soon as the data is no longer necessary for the specified purposes as identified in the project management plan.
Confidentiality and Integrity
With PMWeb self-hosted option, the Client can ensure that the data in stored in a secured manner within the border of their own country. Clients who opt to host PMWeb on their data centers, can run their own security assessment scan to ensure that all data security threats are identified, addressed and resolved. Having PMWeb as self-hosted provides the Client with an option to have a project management information system available that is available on a secured intranet platform when needed.
About the Author
Bassam Samman, PMP, PSP, EVP, GPM is a Senior Project Management Consultant with more than 35-year service record providing project management and controls services to over 100 projects with a total value in excess of US $5 Billion. Those projects included Commercial, Residential, Education and Healthcare Buildings and Infrastructure, Entertainment and Shopping Malls, Oil and Gas Plants and Refineries, Telecommunication and Information Technology projects. He is thoroughly experienced in complete project management including project management control systems, computerized project control software, claims analysis/prevention, risk analysis/management (contingency planning), design, supervision, training and business development.
Bassam is a frequent speaker in topics relating to Project Management, Strategic Project Management and Project Management Personal Skills. Over the past 35 years he has lectured at more than 350 events and courses at different locations in the Middle East, North Africa, Europe and South America. He has written more than 250 articles on project management and project management information systems that were featured in international and regional magazines and newspapers. He is a co-founder of the Project Management Institute- Arabian Gulf Chapter (PMI-AGC) and has served on its board of directors for more than 6 years. He is a certified Project Management Professional (PMP) from the Project Management Institute (PMI), a certified Planning and Scheduling Professional (PSP) and Earned Value Professional (EVP) from the American Association of Cost Engineers (AACE) and Green Project Management (GPM).
Bassam holds a Masters in Engineering Administration (Construction Management) with Faculty Commendation, George Washington University, Washington, D.C., USA, Bachelor in Civil Engineering – Kuwait University, Kuwait and has attended many executive management programs at Harvard Business School, Boston, USA and London Business School, London, UK.