GDPR creates new challenges for fleet management
Fleets are set to face significant administrative challenges with the imminent arrival of the General Data Protection Regulation (GDPR).
More than two million drivers will have to grant permission to their fleet operators to check their driving licences. While the new data legislation comes into effect on 25th May 2018, the DVLA has granted a three-month transition period to allow all businesses to create new processes and comply with the new regulation.
Checking entitlement to drive
It’s the responsibility of all fleet operators to check their driver’s entitlement to drive. The GDPR applies to all private and public organisations processing personal data, and driving licence information falls under this criterion. All organisations must ensure that they have the appropriate consent of individuals in order to process their data.
Helping fleets comply
While GDPR compliance is proving to be a significant administrative challenge, there is assistance available for fleet companies from the Association of Driving Licence Verification (ADLV). The ADLV work closely with the DVLA to ensure best practice in the validation of driver entitlement and they’ll be contacting their customers to provide detailed advice on the new compliance requirements.
What are the new requirements for fleets?
The new standards require all parties who are responsible for licence checking to demonstrate that their new fair processing declaration has been signed by the driver. This data must also be stored in a way which means that they can be checked and audited by the DVLA in order to ensure that they comply with the new GDPR regulations.
A mammoth task
Malcolm Maycock, Chair of the ADLV said: ‘The security of data and compliance in accordance with legislation, whether it is data protection regulations or current work-related road safety legislation, is a core business function of ADLV members. While this is a mammoth task in a short timeframe, our members are committed to ensure that all processing is correct and complies fully with the new GDPR legislation. The good news is that the new Data Processing Declarations will continue to remain valid for three years from the date permission is granted.’
ACVM is prepared for GDPR
David Cooper, Managing Director at ACVM, said: ‘Data protection is always one of our top priorities and we’ve been preparing for GDPR for a significant period of time. While there are a number of challenges, GDPR also brings a great opportunity for organisations to review their data processes and ensure that they meet the highest standards. We’ll be providing detailed advice to all of our customers and talking to them about our own processes to ensure they understand everything that’s required ahead of the August deadline to keep their fleets running.’