Ensuring you are fully compliant with the law when operating a business is crucial. If you are not, you risk finding yourself, and your business, in serious trouble with the law.
A regulation that you must comply with as a business is the General Data Protection Regulations, or GDPR as it is more commonly known, which was introduced on the 25th May 2018. It is the toughest privacy and security law, and was set up to protect individuals’ rights and personal information, specifically how it is used and stored by businesses.
As an employer or fleet manager, you will have access to, and be in control of, a large amount of personal information about employees, so it is of utmost importance that you know all about GDPR and ensure your business is compliant. In this guide, we’ll explain the details of GDPR, how it affects your fleet management data, and how to make sure you are complying with the regulations.
What Is GDPR?
The General Data Protection Regulations set out 7 key principles relating to personal data, stating that it must be:
1. Collected for specified, explicit and legitimate purposes.
2. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
3. Accurate and, where necessary, up to date. Every reasonable step must be taken to ensure that personal data that is inaccurate is erased or rectified without delay.
4. Kept no longer than necessary to fulfil its purpose.
5. Processed along the lines of the individual’s human rights.
6. Protected against unauthorised or unlawful use, loss or destruction.
What Does GDPR Mean For My Fleet?
As mentioned above, when managing a fleet, you will be handling different types of data about your fleet vehicles, drivers and any other employees that are involved in the operation. When storing this data, you must be absolutely sure of where the data is coming from, how accurate it is, why you are collecting it and how securely the data is stored.
Some examples of data you may be collecting include:
- Contact Details
- Medical Records
- Career History
- Details of Driver Licence
- Driver Behaviour
- Training Certificates
- Location and Journey History (with fleet tracking devices)
Age, gender, address, contact details, medical records and career history are pieces of information most employers hold about their employees. However, as a fleet manager, you may store even more information, such as their driving licence details, driver behaviour and training certificates. This information is required to ensure your employees are qualified to drive your company vehicles and that they are safe to do so.
Under GDPR, you must first obtain permission from your employees before checking their licence, or requesting certain information. This is in order to bring greater transparency between employers and employees when it comes to what kind of personal information is being held about them, and why this is required. Data about driver safety can be kept throughout a driver’s entire employment as it is necessary in order to comply with safety regulations.
In fact, you should be checking your drivers’ licences at least once a year to keep up to date with things such as penalty points that could potentially prevent them from driving. This information should be checked, and updated, frequently to ensure it is accurate in order to comply with the third principle of the regulations.
Data Collected by Fleet Tracking Devices
If you use fleet management devices and software such as fleet trackers, you need to be especially careful with what kind of information is being collected and recorded. To begin with, you must make your employees aware that the vehicle they are driving is fitted with a tracking device and explain why you are holding this information. One important point to remember is that you should only be tracking a vehicle for reasons that relate to the running of the business and not just employee behaviour, as tracking an individual, rather than the vehicle they drive, means you are in breach of the law.
Some employers may wish to hide a tracking device in their vehicles, sometimes known as covert tracking. The majority of the time, this is just used to prevent theft or to protect the company’s reputation. This is perfectly legal, so long as the driver is aware that the tracking device is there.
Similarly, if you allow your drivers to use company vehicles for personal use, you must give them the ability to turn off the tracking via a privacy button or similar option.
How Can I Make Sure the Data is Secure and Protected?
With Fleetsmart, all of your driver journey information is kept on a secure database that is hosted in data centres certified by ISO 90001 Quality Management and ISO 27001 Security System Standards. To ensure your data is secure within your own organisation, make sure only those who need the data are granted access, and protect this data with strong passwords. You should also consider implementing anti-malware systems to prevent sensitive information from being lost or hacked.