Gearing up for GDPR compliance

It is estimated that at least 23 million connected vehicles are on the road today and that by 2020 the number of connected vehicles will grow to 381 million globally. The internet of things (IoT) is changing the way many businesses function, including how vehicle fleets are managed. The European Union’s General Data Protection Regulation (GDPR) will come into effect on May 25, 2018 to replace the 1995 Data Protection Directive.

Many organizations that operate or have employees in the EU or that have EU based customers are now revising their policies and procedures to ensure compliance by the effective date.

While some fleet managers may view GDPR as a daunting compliance project, the GDPR is, in many ways, a legislative continuation of existing data privacy principles. In fact, the GDPR could be viewed as an opportunity to demonstrate to customers, regulators, suppliers, and the public that responsible data governance is a core feature of the organization.

GDPR compliance: Challenges and opportunities

GDPR compliance will be one of the most important challenges for businesses that operate in the EU in 2018.

For the IOT and telematics industries, compliance with GDPR will be of paramount importance. It is vital these companies “dig into” their data for a comprehensive understanding of the data they collect and process both internally and externally. Compliance professionals, legal counsel, executive management, security experts, data scientists, and other stakeholders will need to know:

• What data do they have?
• What purposes is the data used for?
• Where is the data stored?
• Who has access to the data?
• How is access to data controlled?
• What measures are used to protect the data?

The purpose of the GDPR is to provide a comprehensive regulatory framework for the protection of personal data of EU citizens. EU citizens whose personal data is collected and processed have important rights under GDPR that organizations must take into consideration.

Making GDPR compliance a company-wide project is crucial and efforts will require management buy-in as well as detailed input from subject matter experts throughout the organization. Thoroughly understanding your organization’s business operations from a data-centric perspective will help your organization to identify data inflows and outflows, catalogue third party processors of data, identify redundancies and efficiencies that can be realized, and  assist organizations in properly formulating their overall compliance efforts.

GDPR and fleet management

Fleet management is a data-driven business activity. Fleet managers must consider the data they collect and process, who they collect it from (e.g. their drivers), how they process the data, where it is processed or transferred, and who, if anyone, they use to process the data. Obtaining the proper consent(s) and establishing the legitimacy of the data collection and processing are critical components of GDPR compliance.

GDPR compliance can be used as an opportunity to foster cooperation between fleet managers and drivers (or their unions/work councils). As part of obtaining driver consent to data collection, fleet managers can thoroughly explain what data is captured, how the data is captured, how it is used, the benefits to the organization and the benefits to the driver. For example, developing a driver scorecard program with the consent of drivers provides clear benefits to the fleet manager, drivers, and promote the responsible, transparent, and legitimate use of data.

Geotab and GDPR

Geotab’s open platform telematics solution can provide fleet managers with the tools they need to operate their fleet in a safe and secure manner and protect the valuable data of their fleet operations and drivers. Fleet managers can use the Geotab solution to enhance their fleet operations to increase fuel efficiency, reinforce driver safety, and reduce maintenance costs.

Since GDPR is a comprehensive piece of legislation, it does not specifically address the issue of telematics or fleet management. Rather, it lays out a framework for all industries to comply with in terms of how data is to be collected, processed, and safeguarded. The Geotab solution can provide reassurance that fleet management data will be protected through Geotab’s robust data security measures.

While it is vitally important to improve business operations to increase the bottom line, there are additional benefits for customers, employees, society at large, and the environment which should not be ignored.

More specifically, the Geotab solution makes it possible to analyze vehicle data so that it can be used for driver coaching to increase driver safety, which in turn helps improve public road safety. Leveraging Geotab to improve route efficiency and employ preventative maintenance strategies can also improve productivity and provide environmental benefits such as decreased fuel consumption and lower emissions.

Preparing for GDPR has been an ongoing project for Geotab. As a data processor for our customers, Geotab is aware of the importance of providing fleet managers with a reliable and secure fleet management solution that provides end to end data security.

Geotab has undertaken data processing impact assessments (DPIAs) and has made publicly available the technological and organizational measures it employs to protect its customers’ data. Geotab also works with expert external advisors, legal counsel, technology experts, and security consultants to implement robust data protection systems that comply with GDPR’s requirements.

The road ahead

Compliance with the GDPR will present a challenge to all organizations doing business in Europe, including those with fleet vehicles. Compliance with GDPR is not optional, and concerted efforts must be taken by fleet managers with organizational buy-in from top to bottom.

While there is no question that the challenge is significant, there are opportunities for organizations to showcase their commitment to data security and transparency through the responsible use of data. More specifically, fleet managers can use Geotab’s solution to demonstrate to their drivers (as data subjects), customers, suppliers, and regulators that they appreciate the significance of responsible data governance while reassuring all stakeholders that the data is legitimately and transparently used for innovation in connected vehicles, enhancing the efficiency of fleet operations, strengthening environmental responsibility, and, most importantly, elevating driver and public safety.

Stay informed. For the latest fleet news and Geotab updates, please subscribe to the Geotab newsletter.

Related:

Whose Data Is It Anyway?

Who Owns Vehicle Data?