How the General Data Protection Regulation (GDPR) impacts taxi companies

It has been a few months since I last wrote a blog article, but with May the 25th being a milestone in the history of personal data protection with the General Data Protection Regulation (GDPR) coming into full effect it seemed appropriate that I firstly, just put all my customers minds to rest concerning the way ACRE Cars protects their data and assure them that data privacy is a particular subject we take very seriously and have and continue to ensure our processes and systems treat data privacy as a priority. And secondly, to just explain why data privacy is important and how this impacts other private hire operators, taxi companies and the taxi industry as a whole.

Each month I try to write a blog article. So allow me to introduce myself. I am Tristan Priddis, owner of a Hoddesdon pre-booked car and taxi company called ACRE Cars. The range of topics for my blog, and making them relevant is challenging, however, I keep one thing in mind and that is to be useful to the local people of Hertfordshire and to be of interest to a wider audience.

Further information can be found on the ACRE Cars GDPR policy here.

So what is GDPR?

Well, this is a very long answer on the Information Commissioner’s Office (ICO) website but is an extremely important point of reference. However, I found that Wikipedia had a much better answer to explain this. Please forgive the cut and pasting. I have reduced the wording as much as I could:

The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area.

It also addresses the export of personal data outside the EU and EEA. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
Superseding the Data Protection Directive, the regulation contains provisions and requirements pertaining to the processing of personally identifiable information of data subjects inside the European Union.

Business processes that handle personal data must be built with privacy by design and by default, meaning that personal data must be stored using pseudonymisation or full anonymisation, and use the highest-possible privacy settings by default, so that the data is not available publicly without explicit consent, and cannot be used to identify a subject without additional information stored separately. No personal data may be processed unless it is done under a lawful basis specified by the regulation, or if the data controller or processor has received explicit, opt-in consent from the data’s owner. The business must allow this permission to be withdrawn at any time.

A processor of personal data must clearly disclose what data is being collected and how, why it is being processed, how long it is being retained, and if it is being shared with any third-parties. Users have the right to request a portable copy of the data collected by a processor in a common format, and the right to have their data erased under certain circumstances. Public authorities, and businesses whose core activities centre around regular or systematic processing of personal data, are required to employ a data protection officer (DPO), who is responsible for managing compliance with the GDPR. Businesses must report any data breaches within 72 hours if they have an adverse effect on user privacy.

It was adopted on 14 April 2016, and after a two-year transition period, becomes enforceable on 25 May 2018. Because the GDPR is a regulation, not a directive, it does not require national governments to pass any enabling legislation and is directly binding and applicable.

Ok, so that is rather a lot to take in, but in short that is why you have been receiving hundreds of emails about confirming that you wish to opt-in to receiving further marketing and other communications from all those companies we have supplied our email addresses to in the past.

If a taxi company takes a booking it is without a doubt processing personal data, it is also collecting it and therefore storing it and it should be done so in compliance with the law and also ensure it is secure and not used for any other purpose.

ACRE does not engage in email marketing campaigns so you have at least been spared by us.

So why should the taxi industry be taking this so seriously?

Well, beyond the obvious that it is legally binding, it is also about giving our customers confidence that we take our customer’s personal information seriously and that it has been provided with trust and that it will not be abused or used in ways than it was originally intended to be used for.

We as the providers of a service need to ensure we are doing our utmost to be leaders in this area, to be seen as professional, and morally responsible.

There will be those companies that think it does not apply to them or is just a waste of time or are pro-brexit and is exactly why they voted out i.e. EU law being put on us. And they may be right. However, data privacy has always been a concern of the world and EU law or not it is something we should take seriously.

Finally, if your next taxi company competitor is not taking GDPR seriously, you can bet your customers are and therefore it is a point of competitive advantage to show that you take it seriously, that you have procedures in place to process customer information.

So why not just get on board and make sure you are compliant. It is good for business.

So rest assured ACRE Cars has taken GDPR seriously and has a written policy in place and GDPR statements explaining this on the website. Please read more here.

Until next time,

Owner ACRE Cars

Interested in becoming a hackney carriage or private hire driver? You may wish to read this article; Working as a Private Hire driver for ACRE Cars Taxi’s.

ACRE Cars is looking to recruit new drivers, If you have any questions or want to discuss the possibilities please contact me.

You can follow ACRE Cars on Twitter and Facebook.

ACRE Cars is a competitive car service. Our rates to airports and collection from airports and other transport hubs are extremely competitive to any other taxi or minicab company running similar services and ACRE also includes free of charge hire of a child safety seat, for long journeys, for each child passenger under four years and under the height of 135 cm.
We pick up customers locally from Hoddesdon, Broxbourne, Wormley, Cheshunt and London as well as Nazeing, Stanstead Abbotts, Ware, Hertford, Hertford Heath, Hailey and Harlow and all other neighbouring towns and villages. Popular airport taxi transfers include Stansted Airport, Heathrow Airport, Gatwick Airport, Southend Airport, Luton Airport and London City Airport. Sea Port transfers and major train stations including Victoria, Kings Cross St Pancras, Stratford Ebbsfleet and Ashford.
The views in this blog article are my own and based on my own research using the internet and not that of ACRE Cars or ACRE group.