Date: 10th Apr 2018 | written by: James Williams
As I’m sure you are aware, the EU General Data Protection Regulation (GDPR) comes into force on 25th May 2018, placing greater responsibilities on companies when storing and processing personal data. Prohire is committed to the GDPR and has been working hard to ensure compliance by 25th May 2018.
New tools to support rental businesses
As well as ensuring that our own activities and processes meet the new requirements, we’re also introducing new tools and features, designed to help rental companies meet their own obligations under the GDPR.
Here’s an overview of the tools and features included in our Prohire GDPR update.
DISCLAIMER: The content of this blog post is provided for general information only and does not constitute specific advice in relation to the GDPR. It is not intended to amount to legal advice on which you should rely. You should take legal advice based on your specific circumstances before taking, or refraining from, any action on the basis of the content of this blog post.
Tag customer records
If you’re going to rely on consent as the basis for holding and processing a contacts’ data, the GDPR states that you must obtain explicit, opt-in consent and be clear about how you intend to use the data when it is collected.
- If valid consent has been obtained and recorded, client records can now be updated in Prohire using tags.
- Please note that rental companies will need to keep separate records/evidence of consent obtained for audit purposes.
- You can configure Prohire to display the consent tagging screen at different stages of the booking process.
- The new Tags screen below allows you to record consent obtained for marketing by Post, Phone, Email & SMS.
- To record that consent has been obtained, simply click on the Yes, No or Don’t Know buttons on the right-hand side of the screen and the client record will be updated accordingly.
- In line with GDPR requirements, you can record separate ‘granular’ consent for specific types of marketing e.g. Email, Post, Phone etc
- The consent tagging relating to an individual client can be viewed by selecting the ‘GDPR Marketing’ tab within the client record screen shown below.
- You can update consent tags at any time by clicking on the ‘Update GDPR Marketing Tags’ button at the bottom of the screen.
- If you’ve already obtained consent from multiple contacts, you can bulk update these clients using the new ‘Tag Bulk Update’ screen shown below.
- The ‘Tag Bulk Update’ screen allows you to search for records by tag type and response e.g. Email = Yes or Post = No
- You can also search for clients linked to bookings that were checked out between two specific dates.
Manage your data processing activity
The documenting of data processing activities is a new requirement under the GDPR. Companies are required to keep certain records relating to data processing and evidence may need to be provided to the ICO if requested.
- A new GDPR Data Management screen allows you to view records along with the reason for holding any personal data e.g. booking, enquiry etc.
- The same screen also displays any consent tagging relating to an individual client. If you have tagged a contact as having given consent, this element of the record will be displayed in green.
- Records displayed entirely in red indicate that there is no basis on which to hold the data and in this situation, you have the option to redact these clients and any associated personal data.
- Users can set their own timescales for holding personal data in line with their own retention policy.
- Let's say you choose to retain enquiry data for three months. If you've held any enquiry data for more than three months, the system will mark these records in red as there is no longer a valid reason to hold the data. You then have the option to redact these records, removing any associated personal data.
- Timescales for holding data can be set using the Retention Settings screen shown below.
- For Scheduled Redaction, you can set the system to retain data for a specified number of days after you have marked it for redaction. The default is 60 days.
- Please note that if you ask us to set your scheduled redaction period to 0 days, records will be redacted immediately and cannot be recovered.
Handle data requests from individuals
Under the GDPR, EU contacts have expanded rights regarding personal data and can make certain requests.
- If you receive a request to delete an individuals’ data, you can now remove any personal data relating to them by clicking on the ‘Schedule Redaction' or Immediate Redaction' buttons on the right-hand side of the client record screen as shown below.
- Once you have completed this process, any fields that previously contained personal data are replaced with the word REDACTED as shown below.
- Although the personal data will be removed, the system will retain certain information such as booking history and source of booking e.g. website, telephone, etc
- If you have received a request to delete personal data, the system will also confirm if there is any legitimate reason to retain it e.g. an active booking.
- Prohire users have always had the ability to update information held within a client record so if you receive a request to update or correct an individual’s personal data, you can simply update the relevant fields within the client record screen.
- If you receive a request to provide an individual with the data that you currently hold about them, you can provide this by generating a custom data export file. We are currently finalising a new GDPR data export file which will be available shortly.
- This new report will allow you to provide an individual with a document containing all the data you hold relating to them.
What happens next?
The new tools and features covered in this article will be rolled out to Prohire users from Thursday 17th May 2018 and ahead of 25th May 2018.
Further updates are planned for the coming months so look out for future blog posts for full details.
The GDPR comes into force on 25th May 2018, so there’s still time to prepare. Full details can be found on the ICO website: https://ico.org.uk