Penny Searles' blog: Get ready for GDPR
14 September 2017
Do you have GPS or tracking devices in your vehicles?
If so, you may already know that from May next year, the rules change around the data you have access to from those vehicles. It's a big change and failure to comply may result in a fine worth 4% of the annual turnover of your company. That's going to hurt.
What's happening is that in May, the Data Protection Act (DPA) will be replaced by the EU's General Data Protection Regulation (GDPR). This will provide a framework with greater scope and much tougher punishments for those who fail to comply with new rules around the storage and handling of personal data. GPS data constitutes personal data under the new regulations.
Currently, the use of data is governed by the Data Protection Act. It's probably fair to say that the rules around data collected from vehicles have been unclear, as has the question of who owns that data: the driver or the business? In addition, fines related to the misuse of data have been relatively minor. However, under the new GDPR, there is no question that the data belongs to the driver and they must give their consent for it to be used.
From next year, the Information Commissioner's Office, which has responsibility for enforcing the GDPR, will be funded entirely from the fines imposed, so we can expect it to be rigorous in its efforts to identify those businesses that are in breach of the new regulations. It's also worth pointing out that fleets have the potential to provide a bigger source of income than the private car market, so the sector needs to prepare for much greater scrutiny.
To ensure compliance, a process needs to be put in place to explain to the driver how the data is used and to obtain their consent for the data from the vehicle to be collected by the business. As long as consent is obtained, recorded and updated as drivers join or leave the business, businesses have complied with the new rules.
Unlike the insurance sector, which has operated in a heavily regulated environment for a number of years and took the view early on that driving data belonged to the driver, this change is quite new territory for the fleet sector. But there is still time to prepare by putting the right processes in place and ensuring there is a clear audit trail showing driver consents.