What You Need To Know About GDPR – What Should You Do To Comply

GDPR - General Data Protection RegulationFrom 25th May 2018, the new GDPR (General Data Protection Regulation) rules regarding companies holding personal data will come into effect, and these new rules will effect companies of all sizes that hold data of any EU citizen, „personal data“ being data stored on a computer or simply on paper!

So far, according to a survey conducted by the law firm Irwin Mitchell, only 30% of companies have prepared themselves for what is to come, meaning that many firms would probably go out of business if they received the maximum punishment of 4% of their annual turnover, limited to €20 million ($24 million), enforced by the ICO (the Information Commissioner’s Office).

Many companies remain blissfully ignorant and think the regulation doesn’t apply to them, as they don’t store information on a computer, or due to Brexit the rules won’t apply or they feel things are fine as they are.  They are probably wrong, as all companies store personal data, whether it be employee, marketing or customer information, and as these rules come in before the UK leaves the EU, it will be written into UK law as well.

What Is GDPR

  • GDPR are rules companies have to abide to when they hold personal data or information of EU citizens.
  • They give power to the people over their personal data and give them more rights, making companies more accountable.
  • They also simplify the regulatory environment for international business by unifying the regulation within the EU, so even if you are outside the EU, it could still apply to you.
  • The regulation covers how you must securely keep data, how it should be exported and what you must do if you have a data breach.
  • With GDPR, a person must give you consent to hold their data, they have the right to demand changes to it and they have the right to order you to delete or destroy it.

What Can Happen

All companies must keep all personal data of their customers, employees, etc. safe. If any personal data held on an EU citizen is compromised, it must be reported to the ICO within 72 hours of the breach, otherwise the business or organisation will be fined upto €20 million. If they find that security of your data was lax or you held on to data that should have been deleted, you can be also fined, and even sued by the individual whose data you held onto.

What do I need to do?

GDPR - What to do nextAny business that processes or holds any personal data (online or on paper) should review how it handles that data, where it is stored, how safe it is, whether it is shared with third parties and whether it is actually needed.

A good first step is to carry out an impact assessment. This should focus on three main areas: how employees control and process the data; processes (how you obtain the data, where you store and send it); and reducing risk (ensuring you have adequate security and data encryption in place).

Under the GDPR you only have to notify the ICO of a breach where it is likely to result in a risk to the rights and freedoms of individuals. An example being a breach that is likely to have a significant detrimental effect on individuals. A list of first names might not be detrimental, but a list with dates of birth and/or contact details will be. The ICO provides the following guidelines to what might constitute a detrimental effect:

  • result in discrimination,
  • damage to reputation,
  • financial loss,
  • loss of confidentiality
  • or any other significant economic or social disadvantage.

Again, it is vitally important that any breaches that may or do match any of the above points, must be reported to the ICO within 72 hours of the organisation becoming aware of it.

For example, employee data, such as assessments, do you need to keep them after they have left your employment?  If the employee hasn’t asked that you keep them, after a period of time, it would be wise to destroy or delete them. You must also grant the employee or ex-employee access to all data you hold on them so they can ensure that it is accurate and to raise any concerns on its validity or accuracy.

Exceptions

There are some exceptions to GDPR when it come to the right to be forgotten, for example if you decide to keep employee performance records for a period of time following their resignation, in case of a future legal claim against you, or there is an ongoing dispute where it is evidence.  However, you should be clear on what you will hold onto and make sure that it is destroyed when it is no longer needed.

Is My Equipment Rental Software Safe

If you are using software to store data and run your business, you must make sure that they store your data securely and that their login infrastructure is secure. If you do not use cloud software, you must make sure you have regular off-site backups, that the servers are in a locked and secure room (someone stealing a server or a hard drive is a data breach). You also need to perform regular virus checks on the server and all connected computers, make sure your firewall is setup, maintained and active, as well as a host of other requirements.  If you are using cloud software, then most of these requirements are alleviated and all you really need to worry about are login details not being kept secret, which is mitigated with MFA (see below).

What Personal Information is Covered Under GDPR

GDPR covers personal information about an individual being anything that can be used to identify them, such as their name, address, personal email address, identification number (such as passport number), location data (like tracking information from a phone), medical records etc.  What is not governed under GDPR is company information like a registration number, company address, a generic company email address (like accounts@email.com) or anonymous data about a person (this could even be medical data as long as the person it belongs to can’t be identified).

How Long Can I Hold Data According To GDPR

The time data can be held varies depending what the data is used for, and there is no set or specific time period set-out by GDPR.  The rule of thumb is that data should be erased a soon as it is not needed, kept for the shortest time possible, however there are many exceptions.

When it comes to business, you are required and/or allowed to keep the information for Tax, fraud, research, scientific, public interest and possible litigation reasons, etc.  You are also allowed to keep the data for reference reasons for your own internal use (you often need to reference old jobs to see what you supplied for example), however once the information becomes useless, you are required to only delete the information that identifies a person associated with the job. For example, with a hire company, you often have repeat business, sometimes over many years, and it may be necessary to see what you previously supplied them and for what price, so for this reason, you would be allowed to hold onto the data. If the customer vows never to use you again, after you have kept the data long enough to satisfy the tax authorities (sometimes 7 years according to the IRS) and the data is no longer needed for litigation, etc., you should erase their name, contact details and any correspondence from the job that can identify the customer.

What if I Hold Information for Marketing?

Not surprisingly, this is a little bit grey, but this is best we can make of it.  The collected information you hold is used and required by you for as long as you use it for marketing, therefore you are allowed to keep it, however the person has a right to unsubscribe from receiving marketing material from you.  If they have unsubscribed, the information that identifies them (like an email address) is not needed anymore, however some data, like how they responded to campaigns, is needed and you can keep it, as long as that data is anonymous (meaning you can’t identify the person it belongs to).

HireHop is Safe and GDPR Compliant

GDPR Compliant

All data stored within the HireHop cloud software is stored on Amazon Web Services RDS and S3 servers (trusted by NASA, Netflix, UK Ministry of Justice, etc.).  All data stored by HireHop is encrypted behind firewalls, and is backed up on a daily basis, all protected by a multi-billion dollar security infrastructure in worldwide data centres. HireHop also adopts a two step login, and limits login attempt with timeouts to prevent hackers from mounting a brute force attack to assess passwords.  To help you with GDPR compliance, all passwords stored on HireHop are encrypted, HireHop allows the contacts in your address book to unsubscribe from mailing lists simply by clicking an optional unsubscribe link in emails you send them, and you can limit your users to only be able to login at certain locations.

One security weakness in many organisations is that staff tell each other their passwords, and when one staff member leaves, even though you may have disabled their account, they still might know another member of staff’s login details. To combat this HireHop now offer sign-in with Google and Microsoft, and with both of these you can enable MFA (Multi Factor Authentication). The advantage of this is that with MFA, the member of staff not only needs their password to login, but also their mobile phone needs to be at hand.

HireHop has also implemented a personal data erase feature, however as HireHop has only been released for 1½ years up to when this article was written, and all data held must be held for at least 7 years for tax reasons, the feature is currently not enabled so as to save our customers from making foolish mistakes.

 

To find out more, see the ICO’s 12 step guide at https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf.

Disclaimer: Nothing on this site constitutes legal advice. Specialist legal advice should be taken in relation to specific circumstances. The contents of this site are for general information purposes only.

HireHop Cloud Software for Hire and Rental Companies – How to Guides

Here at HireHop we want our users to make the most of our powerful software, keeping you up-to-date with all the latest features and advances – and leaving you with the tools to ensure your hires and rentals are managed as efficiently as possible.

We will continue to update this page with how to guides and useful information, as well as tips and tricks, so please check back for all the latest!

Rental Equipment Software – Open Ended Hires and Late Returns

Late rental returnEvery hire and rental company suffers from customers returning items late, yet most software handles this in a haphazard way, usually by creating new jobs with the late returns, which can cause calculation errors, as well as a multitude of other problems.  Also some customers rent a bunch of items indefinitely (an open ended hire) and may return different items at different times, imagine how many jobs you would have to create for that scenario.

HireHop have made this process simple and intuitive, the way it should be.

If an item is late, HireHop will tell you how much is due and allow you to add at the press of a button all overdue charges. This enables you to make the informed decision as to whether or not you want to charge the client and by how much. All this is done from within one job without the headache of having to have multiple jobs just to handle one small hire. Charges and payments breakdown

HireHop will tell you how many items on future jobs might be late, enabling you to judge whether or not you can supply that item or will have to substitute it or sub a replacement in to cover your commitment.

For jobs that are open ended (have no determined end date) HireHop, allows you to periodically issue multiple invoices (or one invoice) whenever you choose, as well as allow items to be returned over various dates. HireHop will seamlessly breakdown and tell you what you need to charge for and by how much, all at the press of a button and all within the same job.

At HireHop we want to give you software works around you and makes your life easier, not the other way round.

Rental Equipment Software – Customized for Your Company

Customise hire rental softwareHireHop is complete, feature rich Rental Equipment Software in the cloud, with advanced functionality, intuitive workflow and a plethora of features, some of which are not found in any other rental management software. However sometimes users want specific features tailored to their unique needs.

HireHop is the only cloud software that can cater for these unique needs, giving your company a solution customized for your specific requirements, all being on a future-proof true cloud platform, available on any device, anywhere in the world.

We can implement unique features for you, from renaming words and phrases, to changing forms and pages, as well as adding new bespoke features you may need to run your company the way you want it to be.

We can implement custom features such as additional checks on equipment, or even a workflow tailored to your company’s specific needs. Due to our unique technology, written and developed by HireHop, any part of the HireHop software can be changed to be how you want it to be.

Call us today so that we can give you a free personal demonstration of what HireHop can do for you and your company. We can also quote you for anything you want customised so that can HireHop be tailored to work exactly how you want it to be.

 

Late Returns – Manage late returning hires

HireHop allows you to manage late returning hires with ease, giving you the tools to make informed decisions while maximising ROI on your rental stock.

A hire that hasn’t been marked as returned on your rental management software might not be late at all.  It would be counterproductive for your hire software to tell you that it was unavailable, for instance a hirer could just be running 5 minutes late, or the item could still be waiting to be checked in due to a backlog in the warehouse, etc. HireHop has provided you with the tools to enable you to make informed decisions and avoid turning down profitable hires just because your previous rental software tells you that it is unavailable, when in fact it is.

HireHop tells you if there is a possible late return conflict in your supplying lists, the availability grid and the pick-lists, enabling you to make informed decisions whether or not to hire in a replacement, chase or wait for the late item to return or just turn down the hire.  You can track at a click of the mouse what clients are late, by how long and how many items they haven’t returned on time.

Some companies excuse minor late returns to ensure good customer relations and some don’t. For late returns HireHop calculates how much the customer owes in late fees, enabling you to decide for yourself if you want to charge them or not.