Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .

Business

Understanding GDPR for fleet professionals

Understanding GDPR for fleet professionals

Djamel Souici, Group General Counsel, Masternaut 

On the 25th May this year, the General Data Protection Regulation (GDPR) came into effect, but it remains a hot topic for many organisations. GDPR refers to a new governance, designed and developed by the European Union, which aims to strengthen and unify data protection laws consistently throughout the EU.

Organisations established in the EU and companies who process personal data of EU citizens are both required to adapt to and comply with the new regulations. Failure to do so could result in administrative fines of up to €20million, or 4% of annual global turnover. Whilst these new regulations have caused some consternation across many industries, the implementation of GDPR is mutually beneficial, as it aims to support and improve the data rights for all EU residents. Essentially, it will increase transparency by allowing individuals to control any personal data held against their name.

When it comes to fleet management, operators should be aware that the way driver data is defined and managed will need to be brought into line with the new standards. The definition of personal data has been expanded so that it includes everything from the driver’s name, identification number and address, to the data that is held on telematics systems. As a market-leading provider of vehicle tracking and telematics solutions, Masternaut is well placed to consider three of the most common questions asked by fleet operators on how GDPR will impact their day to day operations.

How can fleet operators identify a legal basis for data processing? 

Any fleet operator managing personal data is required to identify a ‘legal basis for processing’ according to GDPR. Whilst many organisations have assumed that driver consent is the only way to legally process their data, this is arguably the least suitable option. There are a number of other options, which for many fleet operators, offer a better ‘legitimate basis’ for processing:

  • The performance of a contract – e.g. when telematics devices are used to record driver working hours.
  • Compliance with a legal obligation – e.g. to protect the interests of the data subject (i.e. the driver).
  • To fulfill a task in the public interest – e.g. if a task is being carried out for the benefit of the general public.
  • To pursue legitimate interests – e.g. there is a mutual interest between operator and driver, such as fraud prevention, or safety.

It is essential that fleet operators find a happy medium between the interests of its business operations and the rights of driver. Regardless of the method chosen for data protection, drivers should be kept well-informed about the new procedures, as GDPR places great emphasis on transparency in data collection and processing.

How will the new regulations affect fleet operations? As noted, GDPR places great store in transparent data collection and that the processes associated with this are well-documented. Whilst the role of the driver in a fleet operation is unlikely to change, the fleet operator or manager will need to adapt to the new processes.

Any information captured from drivers should be justified and documented e.g. why the operator needs the information, what will happen to it, who will be able to access it and how long it will be stored.  For organisations with over 250 employees, all processing activities must be recorded in writing and electronically, including the following details:

  • Name & contact information of the data controller & of any recipients of the data
  • The purpose of processing this data
  • The categories of the data subjects/personal data being recorded
  • Whether the data is being transferred to external countries/international organisations
  • The data retention times
  • An outline of the technical and security procedures in place to protect data

 What should businesses look for in a telematics service provider? 

When it comes to selecting a telematics vendor you should choose a reputable supplier that handles personal data in a way that is fully compliant with GDPR. Not only is a good understanding of GDPR essential, your service provider should have robust data security, so you can rest assured that any data is fully secured.

Finally, you should ensure that your telematics provider processes, stores, manages and backs-up all data within the EU/EEA, or has an equivalent level of protection in place, such as the ‘Privacy Shield’ arrangement in the USA.

Despite the challenges that have been associated with the preparation for GDPR, this significant update in data protection regulation represents a major step forward for individual rights. The new rules are not designed to “trip up” business but are being implemented to protect personal data in a far more comprehensive and holistic manner.

Compliance is simply an extension of existing best practice.

Global Banking & Finance Review

 

Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!


By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review │ Banking │ Finance │ Technology. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post