There are a lot of headlines and general chatter about data protection currently. This is due to fact that laws affecting this issue are about to be officially overshadowed by a new set of legislation.
The EU General Data Protection Regulation goes live on the 25th May. It is bringing some confusion and worry in its wake.
The first message for taxi operators is, don't panic! Not least as the Gazoop dispatch software has been configured to help you to be compliant with the GDPR.
However, that's not to say that having Gazoop up to date means that you can sit back and ignore the GDPR. There are steps your company needs to take, to meet the new data protection rules.
The GDPR in a nutshell
The starting point is having a good understanding of what this new legislation aims to achieve.
The public need greater reassurance that any data (information) they supply to organisations will be handled securely and that their rights to privacy are being maintained.
The GDPR primarily forces companies such as taxi operators to have far more effective data systems and controls. They also have to be able to prove that they take these issues seriously.
The current Data Protection Act went a long way towards controlling how organisations gathered and used personal information. However, it didn't go far enough - some organisations were under the illusion it didn't apply to them too.
The EU GDPR tightens up on the management of data and how well it is protected. It gives companies new obligation, which will help to restore the public's confidence.
Just a quick note of the "EU" question. Britain's exit from the EU does not have any bearing on this new legislation. The GDPR applies to organisations that use information about EU citizens, so has worldwide applications and impact.
How it affects taxi firms
The GDPR focuses on controlling how organisations gather, use, store and dispose of data.
If your firm is already trying to be compliant to the existing Data Protection Act, with Gazoop to help you, you're well on the way to meeting your new obligations.
However, a thorough audit of your data control procedures and responsibilities would be valuable.
Firstly, when you take information from customers, you will need to be clear what you're going to use the data for. They must "opt in" to providing personal information and have assurances it will be used for a specific purpose. The key word is consent.
If you store information, it needs to be for an agreed time, and for that purpose only. Once it has been used, it should be cleared from your computer systems.
The way you store information on customers has to be "encrypted" which means it's in a special code. That way, if the data inadvertently falls in to the wrong hands, it's meaningless.
The GDPR sets into place strict rules on who can have access to personal information on customers within your firm too. Only the staff who actually need the data should have the ability to "decode" and use it.
One of the things this entails, is taxi drivers or the office team not storing customer information on any system other than the company's official technology and devices.
Also, if you have a database of customers or potential customers, you need to take steps to give them the opportunity to "opt in" to receiving future information from you. It is no longer enough to hold a database and leave people to "unsubscribe". You need their permission for you to contact them.
We hope this gives you more information to help you in to GDPR compliance and if you have any questions regarding how these can be implemented using the Gazoop system feel free to contact us.