News

GDPR and Driver Data

49 Days Ago

This May, UK laws governing data protection will undergo their biggest transformation in over two decades. Across the EU, the General Data Protection Regulation (GDPR) will replace existing data protection legislation.


The new laws aim to give greater protection and rights to individuals, while at the same time making companies much more accountable for the security and proper handling of people’s personal data.

How GDPR will impact companies


GDPR places far more responsibilities on companies to properly manage data. These include:
 

  • Mandatory notification of a security breach to the UK regulator within 72 hours of identifying the issue
  • Notifications to any individuals impacted by a security breach
  • More stringent rules around the collection and use of personal information
  • Greater emphasis on providing a clear and unambiguous explanation of the personal data that you process, how you process it and with whom you share that data


Corporations also face much greater penalties under GDPR than under the previous legislation – for the most serious breaches, companies can be fined up to a maximum of €20 million or 4% of their global turnover.

How GDPR could impact you


GDPR also confers new rights for individuals, which include:
 

  • Accurate data – you have the right to ensure that companies correct any errors in data that they hold on you, and maintain data accuracy at all times
  • Deleting data – you have the right to request that companies delete your personal data. This applies to certain sets of circumstances, such as when the purpose for gathering the data has been fulfilled; when consent is withdrawn; and when there is no legitimate interest or the data was unlawfully processed
  • Subject Access Requests – in essence, this gives you a more straightforward and cost-free method of accessing any data that companies hold about you
  • Automated decisions – you have the right not to be subject to any “automated decision” that would significantly affect you


 

Experts in data protection


As an optimisation specialist, Route Monkey has always sought to follow best practice in data protection. We also have carefully monitored developments in legislation, in order to ensure that we were fully prepared for any changes. Over the past few years, we have taken a number of steps to enhance our systems and processes. In 2014, the Trakm8 Group embarked on a project to review and update our internal controls. This ultimately led to Trakm8 achieving accreditation to the Information Security standard ISO27001. This is an internationally-recognised standard for ensuring the secure processing of information, giving our customers hard evidence of our commitment to data protection and privacy. ISO27001 covers the handling of all types of information whether that is personal information, financial records, intellectual property, or commercially-sensitive information. Before GDPR was even formally approved, we had been working hard to improve our products, services and internal processes. Thanks to this dilligence and hard work by our parent company, we can assure customers, employees and other stakeholders that Route Monkey provides the highest possible levels of privacy and security.
 

Taking the right steps


The steps Route Monkey and Trakm8 have taken to ensure best practice in data protection include:
 

  • We have reviewed all of the personal data that we currently hold to ensure we are only keeping relevant, up to date and accurate information
  • We have developed new products which not only leverage the latest technology but that also have significantly enhanced security features, such as improved encryption of our telematics messaging systems
  • We have invested in our internal and customer-facing IT platforms to improve reliability and security and to improve our monitoring capabilities. This enables us to identify potential issues and address them more successfully - and also to better defend against malware, viruses or malicious attacks
  • We have already revised - and are continuing to revise - all of our Group websites to be more informative and transparent regarding our use of personal data. Most of these changes were live at the end of 2017, and we will complete the remaining changes in  2018
  • We are rolling out new processes to manage the increased rights of individuals and to respond to the increased responsibilities placed on us by GDPR
  • We continue to train all of our staff in data protection and information security – this training has been updated to cover the additional GDPR requirements

Here to help


Whether you use our optimisation, vehicle tracking, dash cams, driver behaviour analytics, or a combination of our solutions, you can rest assured that your data is in safe hands. If you have any questions about GDPR, please feel free to contact us. You can also access more information about GDPR from the website of the Information Commissioner’s Office, www.ico.org.uk