Fleet operators have been told “don’t panic” over the
introduction of the General Data Protection Regulation (GDPR), which comes into
force today (Friday, 25 May).
Vehicle camera and mobile tracking system supplier Crystal
Ball says GDPR requires a major change in the way fleets handle telematics
data, but if businesses carefully followed a number of steps in managing the
information, they should be safe from being fined.
Crystal Ball has published a GDPR white paper and managing
director Raj Singh said: “Telematics has revolutionised the fleet sector,
making it possible for businesses to get extremely accurate information on the
action and behaviours of their employees and the operational state of their
vehicles when they are out on the road.
“There was concern that GDPR would negate this at a
stroke, because employees may have been able to ask to have their personal data
deleted, but if [fleet managers] follow procedure and demonstrate good practice
and lawful use of that data, then telematics will still be integral to fleet
GDPR requires more accountability from firms in holding
and processing their employees’ personal data and showing reasons for keeping
it. Failure to comply could result in penalties of up to €20 million or 4% of
Regarding telematics data, covering such information as
journeys, mileage, speeding, fuel usage, time on the road and any other statistics
produced by tracking that refers to an individual employee, firms will have to
prove what lawful basis they have for collection and why it has been kept.
Mr Singh said if companies adopted the ‘legitimate
interest’ for processing personal data, they should have carried out a ‘legitimate
interest assessment’ on the personal data they collect and keep. They should
also have issued a revised privacy notice to all employees dealing with telematics
data in detail.
Mr Singh said: “We felt there was a lot of conjecture about
GDPR, some of it wildly inaccurate, and so we created a white paper to
summarise what fleets need to know. The simple message is ‘don’t panic!’ If
fleets managers properly manage telematics data they should have nothing to
fear from GDPR.
“There are a number of changes to the way they should
manage what they have, not least in ensuring that personal data which
identifies employees is securely protected and that employees are fully
notified of the collection and processing of their personal data. These are not
entirely new processes, however, and are an evolution of the current Data
Protection law, not a revolution.”