New guide to GDPR and telematics data
Telematics and dashcam provider Crystal Ball is urging fleets not to panic over this week’s introduction of GDPR regulations as it outlines the legal position and practical solutions in a new white paper.
Coming into play on 25 May, the EU General Data Protection Regulation (GDPR) replaces the Data Protection Act – the biggest shake-up in data protection for 20 years – and means fleets not complying risk fines of up to €20m or 4% of revenue.
Although the changes require a major change in the way fleets handle telematics data, businesses that carefully follow a number of steps in managing this information, should be safe from being fined, says Crystal Ball.
Firms will have to prove what lawful basis they have for collecting telematics information and why it has been kept. If they adopt the ‘legitimate interest’ for processing personal data, they should have carried out a ‘Legitimate Interest Assessment’ on the personal data they collect and keep before 25 May. They should also have issued a revised privacy notice to all employees dealing with telematics data in detail.
To help fleets negotiate the new regulations, Crystal Ball has produced a White Paper summarising the obligations companies have in terms of processing and holding personal data and what they have to demonstrate and document in order to be compliant.
“The simple message is ‘Don’t Panic!’ – if they properly manage telematics data, fleet managers should have nothing to fear from GDPR,” said Crystal Ball managing director Raj Singh.
“Yes, there are a number of changes to the way they should manage what they have, not least in ensuring that personal data which identifies employees is securely protected and that employees are fully notified of the collection and processing of their personal data. These are not entirely new processes, however, and are an evolution of the current Data Protection law, not a revolution.”
To download the White Paper, click here.