How does GDPR affect Businesses using GPS Tracking systems to monitor their Employees?
GPS tracking systems that enable businesses to track their employees and fleet vehicles in real time have revolutionized the way businesses operate. For over a decade, GPS-based services have been assisting companies with the ever-increasing demand for information. However, this process also involves gathering sensitive personal information on employees, which the EU considers dangerous and open to misuse. As of May 25, 2018, the EU General Data Protection Regulation (GDPR) will come into effect in full force. The EU GDPR replaces the Data Protection Directive, which had been in use since 1995. The new law is designed to improve data privacy laws across Europe, to protect the personal data of EU citizens, and to help companies regulate the information they gather about their workforce as well as their customers.
What Is the EU GDPR?
The General Data Protection Regulation is a comprehensive data protection law that expands the existing privacy rights of EU citizens and places strict regulations on businesses that gather and use personal data to provide services. The GDPR places particular emphasis on “processing”: how an organization or an entity collects, stores and uses any data regarding the individuals living in the UK. The GDPR will reform the eight data protection principles in the Data Protection Act that has been in effect since 1998 in the United Kingdom. The law will also introduce new rules about transparency, accountability and proof of consent in matters of how personal data is gathered and stored. Empowering EU citizens as the owners of their personal data is key to the GDPR. Under the new regulation, the concept of personal data is very broad and includes any information that can be used to identify an individual. The EU GDPR aims to unify privacy laws across the continent and keep enterprises on a short leash regarding the use of personal data.
How Will GDPR Affect Fleets?
The owner of a fleet business may ask, “What does this have to do with my company?” Fleet management systems are heavily reliant on telematics data; it is essential for fleet companies to know the real-time location of their employees for managing the health of the fleet as well as organizing routes. That is what makes this new law monumental for fleet companies: they have to make sure that drivers understand how their employers handle their data. In addition, managers must maintain an audit trail to show the authorities on demand. Fleet businesses gather and keep a wide range of personal data regarding their drivers, including contact details, medical conditions, driving habits and real-time location. One can understand why the EU worries that the data in the hands of fleet businesses must be protected against all types of unauthorized access. Misuse of sensitive information such as location data can lead to devastating consequences for individuals. If you think about it, the more organizations and companies have access to individuals’ personal data, the more influence they have on individuals’ life choices.
GDPR Fines and Penalties
The new fines for not complying with the GDPR are designed to act as a reminder of how important the protection of data privacy is to the EU. Breaching the new regulation can trigger fines of up to €20 million (£17.9m) or 4% of global annual revenue per incident, depending on the severity of the situation. It is a tremendous increase from the current £500,000 maximum amount for a data breach indicated in the Data Protection Act 1998. The fines and penalties are determined by looking at the intention, the type of data, the history and the preventative measures taken by businesses.
Is Your Company Ready?
Any company that operates within the EU borders or acquires data from individuals living in EU countries is required to be compliant with the GDPR. As can be seen from the massive rise in the fines, the EU is serious about how a company handles personal data. It is vital for companies to revise their existing policies to accommodate the changes the GDPR brings. There are certain steps to follow in order to make a business compliant with the new regulation. Consent is one of the main focuses of the new law; fleet businesses benefit from the personal data gathered from the GPS tracking devices installed in their employees’ cars, so the first step should be to inform the drivers about the new law and receive their consent regarding the use of their sensitive data. As per the GDPR, every company is required to assign a data protection officer (DPO) who is in charge of monitoring and managing the data acquired from GPS tracking devices. The DPO also has a responsibility to prove that there is no conflict of interest regarding data protection. Every department that has access to the employee data or has some control over the data flow must be ready to collaborate and have a comprehensive knowledge of how the company manages its data practices. The General Data Protection Regulation demands greater transparency and control over the information companies process and exchange with third parties. Companies are expected to verify compliance whenever required. To show that a business is in line with the new regulations, business owners and managers need to make sure that access to personal data is limited and that all the protective measures have been taken.
The EU GDPR is expected to make a huge impact on all businesses, and it is considered the most important change in data privacy regulation in the last 20 years. Fleet businesses handle vast amounts of data about their drivers and customers, which is why they need to be ready for the incoming changes. Fleet managers must integrate secure data handling systems that meet the terms of the new law into their infrastructure, appoint a DPO and ensure that company policies cover all the rights employees will have under the GDPR.