The arrival of GDPR has compelled businesses across every sector to make significant changes to the way they handle and protect data, including that of their employees. The fleet industry is no exception. But how has fleet management been affected by GDPR? Here are just five ways in which the arrival of GDPR has changed the fleet sector.
1. Driver licence checks. Following the introduction of GDPR, fleets now need to ensure that their drivers sign consent forms for driver licence checks. This is an important part of drivers’ GDPR rights and is just one of the privacy requirements imposed by the legislation. The Driver Vehicle and Licensing Agency (DVLA) supplies these forms, which drivers must sign in order for their consent to be considered valid.
2. Driver consent: when is it required? GDPR is designed to give individuals more control over their data, but there are circumstances in which driver consent is not necessary. These circumstances come under a number of categories, including contractual obligation and legitimate interest. However, it is important to be completely clear about which category is which, as GDPR is a tricky subject and often causes confusion between said categories. To clarify:
- A contract or legal obligation allows fleets to navigate driver consent where a firm is pursuing the essential interests of a contract or abiding with legal requirements.
- Legitimate interest exceptions apply in instances where data collection (e.g. telematics data collection) can genuinely be said to be in the best interests of employee as well as employer. This might include, for example, health and safety. However, this must be documented and accounted for properly.
3. Fleet data security. GDPR also emphasises the importance of ensuring robust security when it comes to the collection, storage and use of data (telematics data protection, for example, is one aspect of this). This includes choosing suppliers: operators must ensure that suppliers demonstrate a solid understanding of GDPR and have comprehensive security measures in place.
4. Private and business vehicle usage. Some drivers may use the same vehicle both for business and private purposes. Fleets must ensure that they have legal basis for the driver data they collect and use. Driver consent forms and written agreements should be drawn up with this in mind – fleet managers must be clear with drivers about which data will be collected and what it will be used for.
5. Spreadsheets: are they secure enough? Fleet tracking and telematics systems have allowed many fleets to reduce their dependence on spreadsheets, but the introduction of GDPR has forced fleets to reconsider whether or not they’re adequate to their altered security requirements. It seems, therefore, that GDPR has further accelerated this shift away from spreadsheets and paper.
The most important point to remember at all times with regard to GDPR is that transparency is crucial. It is essential that fleets engage in a way that’s totally upfront and honest when seeking to make use of personal data. Processes must be robust, clear and comprehensive, so as to ensure effective and consistent compliance, and to protect your firm from the risk of legal sanction.
Please note: This content is not to be considered as legal advice. For any further information on the General Data Protection Regulation please click here.
Find out more about how Teletrac Navman’s fleet compliance and risk management solutions can help your business streamline and simplify these processes.