The incoming GDPR regulations require a major change in the way fleets handle telematics data, but if businesses carefully follow a number of steps in managing this information, they should be safe from being fined.
Towards the end of this week, on May 25, the General Data Protection Regulation (GDPR) comes into force, beefing up the current Data Protection Act, and requiring more accountability from firms in holding and processing their employees’ personal data and showing reasons for keeping it. Failure to comply could result in penalties of up to €20 million or 4% of revenue.
GDPR also applies to all telematics data, covering such information as journeys, mileage, speeding, fuel usage, time on the road and any other data produced by tracking that is referable to an individual employee. Firms will have to prove what lawful basis they have for collecting this information and why it has been kept.
If they adopt the ‘legitimate interest’ for processing personal data, they should have carried out a ‘Legitimate Interest Assessment’ on the personal data they collect and keep before 25 May. They should also have issued a revised privacy notice to all employees dealing with telematics data in detail.
“Telematics has revolutionised the fleet sector, making it possible for businesses to get extremely accurate information on the action and behaviours of their employees and the operational state of their vehicles when they are out on the road,” says Crystal Ball managing director Raj Singh.
“There was concern that GDPR would negate this at a stroke, because employees may have been able to ask to have their personal data deleted, but if you follow procedure and demonstrate good practice and lawful use of that data, then telematics will still be integral to fleet operations.”
To help fleets negotiate these new regulations, Crystal Ball has produced a White Paper summarising the obligations companies have in terms of processing and holding personal data and what they have to demonstrate and document in order to be compliant.
“We felt there was a lot of conjecture about GDPR, some of it wildly innaccurate, and so we created this White Paper to summarise what fleets need to know. The simple message is ‘Don’t Panic!’ – if they properly manage telematics data, fleet managers should have nothing to fear from GDPR.
“Yes, there are a number of changes to the way they should manage what they have, not least in ensuring that personal data which identifies employees is securely protected and that employees are fully notified of the collection and processing of their personal data. These are not entirely new processes, however, and are an evolution of the current Data Protection law, not a revolution.”
Crystal Ball’s unique award-winning SmartCam solution integrates telemetry with forward-facing 3G HD video capabilities and as a result its customers have an unusually rich data stream from their vehicles, but Singh is confident that even those fleets managing such granular levels of information and personally-identifiable content can be compliant under GDPR.
“Our customers get more data than most from their vehicles, which is why we have been consulting on GDPR for such a long time, and as a result we have a complete view of how GDPR needs to be addressed in the telematics field. We felt it was important for all businesses to see what our customers have seen, which is why we have produced this White Paper.”