Whatever the outcome of the Brexit deal, the UK is going to fully adopt the EU’s General Data Protection Regulations (GDPR) by May 25th next year and there is a risk of major fines for those companies who do not comply. Whether your hire business is large or small, if it handles personal data (including employee data) then it must have total GDPR compliance across all of its relevant systems.
Hire and events companies storing, receiving, transmitting, processing or checking images or information obtained by systems that fall within the category of “Surveillance Camera Systems” must consider in detail how, why, where and when they are being used. They need to consider issues such as consent, data security, retrieval protocols for information requests by data subject, deletion methods once data is no longer appropriate for purpose, accessibility to records, and breach reporting.
Another category of data collection is telephone calls. Recording any telephone call is classified as a form of data processing. As such, individuals must be informed how and why their data is being processed and any recordings must be stored securely in order to avoid security breaches.
From May 2018, the onus is on the hire sector to formally demonstrate compliance. Think of it like drawing up a health and safety compliance policy. The law will dictate that businesses proactively implement, maintain and update protocols and policies to form a data protection policy which must include a specific call recording policy.