How GDPR regulation changes will impact your fleet
Come May 25th 2018, companies throughout the UK are going to have to ensure they’re General Data Protection Regulation (GDPR) compliant. These new regulations are going to have a huge impact on all industries, especially where fleet is concerned.
That’s why this month we wanted to explore the ways in which GDPR is going to impact your fleet. However, before we start, you’ll find below some more information on what exactly GDPR is, and how it came into existence.
What is GDPR?
GDPR stands for General Data Protection Regulation. Its aim is to reform the 1998 Data Protection Act and strengthen the data protection rights of all individuals living within the EU.
GDPR will now supersede the older legislation and will introduce tougher fines for non-compliance and more stringent restrictions on how customer data is handled.
How will this impact your fleet?
Experts predict that by 2020, 90% of vehicles will be connected to handheld devices such as smartphones. Many drivers already use their phones as sat navs or for planning journeys, and sharing this data has become the norm.
However, for fleet operators who utilise location-based data in their vehicles, this is going to become a problem. They will need to establish the difference between data collection in the interests of their drivers, and data collection in the interests of their business.
This means that if a fleet utilises geo-location to make sure that drivers aren’t taking longer routes than they need to, the fleet manager or sales team will need to fully explain how the drivers’ data will be used.
The driver must then consent for this information to be collected. In short, a business running a fleet needs to be clear about what data they are gathering, and why.
What key challenges will fleet hire and leasing companies face?
Craig McNaughton, corporate director of LexAutolease, recently explained that there would be several key challenges facing fleet hire and leasing companies. These include:
- Who is liable for any data breaches, when company drivers aren’t covered by the leasing agreement
- Manufacturers will have to identify who their customer is. Would it be the hire and leasing company, the end-user fleets or the company car drivers?
- The deactivation of vehicle and driver data at the end of a contract or lease
He went on to explain during the ACFO’s spring “Big Data – Big Seminar” that: “Connected car data will fundamentally change our industry. We have a long way to go, but we must change from a rear-view mirror perspective to using data to predict the future and move from a leasing company that provides management information to a data company that leases vehicles.”
What else do you need to know?
What counts as personal data?
Under the new GDPR regulations, personal data is any information that relates to an identified or identifiable human being. This includes IP addresses from their computers, economic information, geographical location, previous driving information and much more.
When can you process data under GDPR?
Once the legislation comes into effect, controllers of consumer data need to ensure that it’s processed in a transparent way. There must be a purpose for this data processing, and once that process has been completed, data must be deleted.
What are the fines for breaching GDPR regulations?
Companies who are in breach of the new regulations can expect a fine of up to 4% of their annual global turnover or €20 million, whichever is the higher amount. The 4% fine is based on turnover, not overall profit.
What happens if you suffer a data breach?
It will be your responsibility to notify your data protection authority, within 72 hours of becoming aware of it, of any data breach that puts the personal information of your customers at risk. For the UK, the authority is the Information Commissioner’s Office (ICO).
However, before you let the ICO know about the breach, you must tell the people affected. If you fail to meet the 72-hour deadline, then your company will face a penalty charge of up to 2% of global turnover, or €10 million, whichever is higher.
Remember though, these new GDPR regulations will apply not just within the country itself, but to everybody who supplies goods and services to an EU country.
What do you think? Are you preparing for GDPR, or is this the first that you’ve heard of the regulation changes?
If you are preparing, what actions have you taken already to ensure that your company is compliant? We’d love to hear your thoughts, so please do let us know in the comments below.