The GDPR will replace the existing European Data Directive when it comes into force on the 25th May 2018. The aim is to create a “one stop shop” for data protection with common rules applying across the EU (Find Out More Here).
We are not here to scare you, but to inform and support you so you avoid potential fines. We also advise you to review your data protection procedures well in advance so you don’t have a last-minute panic. The GDPR is actually quite sensible and is a much needed update for anyone who handles personal data. After all, wouldn’t you like to know that the businesses, organisations and charities who handle your data are doing so securely and legally, are taking care of your personal information, and that only authorised and trained personnel can access your data?
Please note: We are not lawyers and this is not legal advice, but, based on our number of years of IT experience (visit OJE), we are confident we understand GDPR and can advise accordingly:
GDPR Matters Despite Brexit
What about BREXIT – doesn’t that mean it doesn’t apply to us? The UK position is that whatever the position going forward, GDPR is here to stay and the new Data Protection Act (currently a Bill) will repeal the old 1998 Act and implement GDPR in full, preparing the UK for when it leaves the EU. Therefore, BREXIT has no impact on the introduction of the GDPR to businesses and organisations across the UK.
Whilst GDPR is new, data protection has been around since 1984. So, if you have been complying with the existing legislation, your task will be much easier. If you haven’t been complying, you have a mountain to climb!
8 Tips To Get Your Transport Services Ready
1) Privacy Information Notices: If you have a website then review your current privacy notice and put a plan in place to make the changes necessary to make it GDPR compliant.
2) Conduct a Privacy Impact Assessment (PIA): You will find guidance about PIAs on the Information Commissioner’s Website.
3) Audit: Carry out an audit of your data flows: where the data comes from, where it goes and the legal basis you rely on for holding it.
4) Contract Documentation: Audit any existing agreements with your suppliers and update any data protection/data processing provisions.
5) HR Policies & Employment Contracts: You will need to review these to ensure that you meet all the requirements of GDPR in relation to your employees.
6) Training & Awareness: Ensure that your whole organisation is familiar with the GDPR requirements. Arrange training as necessary.
7) Consent: Check your justification for processing to ensure it meets the requirements of GDPR. Reliance on consent will not be what it used to be. If you use pre-ticked boxes in order to gain consent these will have to be changed. You will need to ensure that any marketing you do, either on your own behalf or via an agency, is compliant with GDPR. You will also need to ensure that you have informed any passenger and driver what you are doing with their data and how you handle their personal data to deliver your transport services.
8) Overseas Transfers of Data: If you are transferring data outside of the EEA you need to ensure that the basis on which you do so is legal and watch out for changes that may occur in the future.
Is My Company/Start Up/Charity Going To Be Impacted?
Individuals, organisations, and companies that are either ‘controllers’ or ‘processors’ of personal data will be covered by the GDPR. “If you are currently subject to the DPA, it is likely that you will also be subject to the GDPR,” the ICO says on its website.
Both personal data and sensitive personal data are covered by GDPR. Personal data, a complex category of information, broadly means a piece of information that can be used to identify a person. This can be a name, address, IP address… you name it. Sensitive personal data encompasses genetic data, information about religious and political views, sexual orientation, and more. This is not just applicable to electronic data but to hard copy too.
Can Road XS Help?
Yes. The GDPR does not just apply to computer systems; it covers all personal data and how you process that data. The biggest benefit of Road XS is that data security processes are already built into the software, including standard confidentiality, data integrity and data availability protocols. It also incorporates opt-in and consent procedures and, via our cloud refresh programme, ensures that the latest legislation is adhered to.
“But we operate fine on paper,” I hear you say, “it doesn’t matter to us!” It does, as you are still handling personal data and will hopefully have security procedures in place for how you file the bits of paper you have. However, there is one downfall to paper moving forwards: factor in the time it will take you to find all the records and destroy any data on any passenger when they exercise their right to be forgotten. There simply isn’t the time or resources available to operate efficiently under the new legislation, and passengers will also become familiar with their data rights and have numerous questions about them and how you are handling the data. Even if you use a spreadsheet, you still won’t be filing the data in an efficient and secure manner and ultimately will fall short on how you are processing the personal data (read more about spreadsheets here).
But Why Road XS?
Times have changed considerably, and they had to. The old Data Protection Act of 1998 needed to change to meet new standards and to protect the clients and customers we all serve. Road XS has been developed to assist and support transport services providers by giving them access to technology which is usually beyond available budgets no matter how large or small your operation.
Together we can work on enhancing transport services and ensure that we save your passengers money and optimise your routes to save operating costs.