GDPR and driver data: What’s going to change?
In May 2018, UK Data Protection rules will undergo their biggest change for over two decades, as the General Data Protection Regulation (GDPR) replaces the previous Data Protection legislation across the EU.
The new rules are designed to give greater protection and rights to individuals, while at the same time making companies much more accountable for the security and proper handling of people’s personal data.
How GDPR could impact you
GDPR grants new rights for individuals including:
- Subject Access Requests – in essence, this gives you a more straightforward and cost-free method of accessing any data that companies hold about you
- Automated decisions – you have the right not to be subject to any “automated decision” that would significantly affect you
- Deleting data – you have the right to request that companies delete your personal data. This applies to certain sets of circumstances, such as when the purpose for gathering the data has been fulfilled; when consent is withdrawn; and when there is no legitimate interest or the data was unlawfully processed
- Accurate data – you have the right to ensure that companies correct any errors and maintain data accuracy
How GDPR will impact companies
GDPR places new responsibilities placed on companies including:
- More stringent rules around the collection and use of personal information
- Greater emphasis on providing a clear and unambiguous explanation of the personal data that we process, how we process it and with whom we share that data
- Mandatory notification of a security breach to the UK regulator within 72 hours of identifying the issue
- Notifications to any individuals impacted by a security breach
Companies also face much greater penalties under GDPR than under the previous legislation – for the most serious breaches, companies can be fined up to a maximum of €20 million or 4% of their global turnover.
Experts in data protection
As a vehicle tracking company, Trakm8 has always sought to follow best practice in data protection. We also have carefully monitored developments in legislation, in order to ensure that we were fully prepared for any changes.
Over the past few years, we have taken a number of steps to enhance our systems and processes. In 2014, the Group embarked on a project to review and update our internal controls. This ultimately led to us achieving accreditation to the Information Security standard ISO27001. This is an internationally-recognised standard for ensuring the secure processing of information, giving our customers hard evidence of our commitment to data protection and privacy. ISO27001 covers the handling of all types of information whether that is personal information, financial records, intellectual property, or commercially-sensitive information.
Before GDPR was even formally approved, we had been working hard to improve our products, services and internal processes. In this we can assure customers, employees and other stakeholders that Trakm8 provides the highest possible levels of privacy and security.
Taking the right steps
The steps we have taken to ensure best practice in data protection include:
- We have reviewed all of the personal data that we currently hold to ensure we are only keeping relevant, up to date and accurate information
- We have developed new products which not only leverage the latest technology but that also have significantly enhanced security features, such as improved encryption of our telematics messaging systems
- We have invested in our internal and customer-facing IT platforms to improve reliability and security and to improve our monitoring capabilities. This enables us to identify potential issues and address them more successfully - and also to better defend against malware, viruses or malicious attacks
- We have already revised - and are continuing to revise - all of our Group websites to be more informative and transparent regarding our use of personal data. Most of these changes were live at the end of 2017, and we will roll out the remaining changes in early 2018
- We are rolling out new processes to manage the increased rights of individuals and to respond to the increased responsibilities placed on us by GDPR
- We continue to train all of our staff in data protection and information security – this training has been updated to cover the additional GDPR requirements
Here to help
Whether you use our vehicle tracking, dash cams, driver behaviour analytics, optimisation software, or a combination of our solutions, you can rest assured that your data is in safe hands. If you have any questions about GDPR, please feel free to contact us.
You can also access more information about GDPR from the website of the Information Commissioner’s Office, www.ico.org.uk
Share this article: