The legal duties around vehicle and driver data

With the General Data Protection Regulation coming into effect in less than a year, the BVRLA explains how fleet operators need to understand their responsibilities and have a clear strategy regarding the collection and use of driver and vehicle data

The new General Data Protection Regulation (GDPR) comes into effect on 25 May 2018 marking the biggest overhaul of data protection since the introduction of the current Data Protection Act (DPA) in 1998.

Seen as more of an evolution than a revolution, GDPR is effectively a more detailed and robust version of the current regulation, placing greater emphasis on the rights of individuals and imposing tougher penalties on those organisations who fall short of meeting their data protection obligations.

Those found to be in breach of the new rules could face fines of two per cent of annual turnover or four per cent of annual worldwide turnover for more severe infringements.

The GDPR applies to data processing carried out by organisations operating within the EU as well as organisations outside the EU that offer goods or services to individuals in the EU. The government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR so businesses should not let the prospect of Brexit delay preparations.

Is the industry ready?

The British Vehicle Rental and Leasing Association (BVRLA) recently published findings from its Fleet Technology Survey, revealing that around half of BVRLA members and fleet managers felt ready for GDPR. Fifty-four per cent claimed that their company is clear about its responsibilities under GDPR and 52 per cent claimed that their company has a clear strategy regarding its collection and use of driver and vehicle data.

To be adequately prepared for the new rules, some operators may need to completely overhaul their data management processes. The BVRLA are calling upon the industry to act now to identify gaps and review their current ways of working, liaising with others in the supply chain to get suitable processes in place. This is likely to place a significant burden on many fleet operators over the coming months as dedicated time and resource will be required to get everything in order before the new rules set in.

BVRLA chief executive, Gerry Keaney said: “We are advising members to act now to get sufficiently prepared for the introduction of GDPR as the cost of non-compliance is great. Our GDPR seminar was well attended last month and we are providing other tools and guidance including e-learning modules, YouTube films and factsheets to support members with their preparations in the lead up to the new rules.”

The Information Commissioner’s Office (ICO) understands the importance of having an internationally consistent approach to data protection regulation, stating: “With so many businesses and services operating across borders, international consistency around data protection laws and rights is crucial both to businesses and organisations, and to individuals.”

Any changes made to business processes to ensure compliance will not be made in vain as any UK version of the regulation introduced post-Brexit is likely to be aligned to GDPR.

Some key differences

Under GDPR, there will be more emphasis on the rights of individuals both in terms of consent and access to their own data. Should an individual ever make a claim, the burden of proof will fall to the organisation so it will be essential for fleet operators to keep audit trails to evidence that specific and unambiguous consent was freely given. This should be in the form of a statement or an affirmative action. It will no longer be acceptable to gain consent via passive ‘pre-ticked’ boxes and inaction.

Another area of change is that the new rules place emphasis on shared responsibility, making everybody who handles and processes data liable, not just data controllers. Everybody in the supply chain will need to understand their obligations to ensure compliance and this is going to require a change in mindset as people across the industry have different views on who they think is liable for data.

This was reflected in the BVRLA’s study which shows that 36 per cent of members and 41 per cent of fleet managers agreed that everybody had responsibility for data protection. The rest placed the responsibility at the door of either the lease company, manufacturer or fleet manager. There is clearly a big job to do to ensure compliance across the industry.

Data security

As the automotive industry continues to transition from a sector driven by mechanics to one driven by electronics and software, the issue of data and cyber security will become an increasing concern.

As connected and autonomous vehicles become more prevalent on our roads, it will be crucial for manufacturers to consider security requirements in the vehicle’s design and it will be equally as important to protect our infrastructure.

The main cyber security threats to connected and automotive vehicles include loss of control, loss of data, leaking or sharing of data, denial of service or malicious manipulation of software, network outage or disruption of power supply and even interception or hijackings. All of which would be disastrous.

The BVRLA welcomed government’s recent publication of a set of principles to ensure that a tougher approach is taken to cyber security throughout the automotive industry.

Keaney said: “It is potentially an area of huge vulnerability if businesses do not take steps to be properly protected so there is likely to be an increase in the employment of tech-savvy cyber security professionals to embed government’s recommended cyber security principles right across the automotive industry. Data protection is crucial not only for individuals and organisations, but also for the industry and the wider UK economy.”

Data access and ownership

As part of the BVRLA’s Fleet Technology Survey, the association explored views from drivers with regards to data and connected vehicles, and the message was clear. When it comes to sharing data about themselves such as how they drive or where they drive, there is little appetite to give consent.

However, the picture is very different when it comes to sharing diagnostic data to help with early diagnosis of faults or to help flag warranty or safety issues. 95 per cent were happy to share data if it helped to diagnose or prevent faults, 93 per cent were happy if it enabled the automatic alerting of a breakdown company and 82 per cent were happy if it helped to identify safety and warranty issues.

Around seventy percent of BVRLA members and fleet managers believe that vehicle manufacturers have an obligation to provide vehicle data, with 86 per cent saying that they should not have to pay for it.

Seventy-nine percent of respondents said they were concerned that vehicle manufacturers would restrict access to telematics data to further their own business goals. Eighty-nine percent of them believe that manufacturers should allow them to install third party telematics devices, provided that they meet agreed security standards.

Gerry Keaney said: “Connected vehicle data is rapidly becoming the new currency of the fleet sector and will drive many business models in future.
“Our responsibility is clear. The BVRLA will play a lead role in helping the fleet sector work with government and the wider automotive supply chain to ensure that all parties share data in an open, secure and fair way. By doing this, we can make sure that businesses and consumers continue to enjoy a competitive choice of suppliers for fleet management, aftermarket and mobility services.”

Share this

Making sense of the vast amount of data produced from telematics can often be daunting, resulting in opportunities being missed and actions not being taken. Our expert panelists share their advice on how to make sure valuable fleet information is not getting lost

Telematics generates vast amounts of data which needs to be digested and acted on if any benefits are to be realised. But how well are fleets using data? And do companies have a moral and legal obligation to act on reports of bad driving? We ask our telematics experts

Meet our new leasing experts, who in this first discussion, examine how new challenges such as Brexit, air quality and policy changes are affecting fleet managers

In the first of a new panel discussion, we ask our experts their views on how telematics have shaped and driven change within the fleet management profession, and why reluctance to use fleet technology still exists within some organisations

GreenFleet Expert Panel - Leasing

Can it pay to think differently about the way we travel? Our expert panelists examine how the new concept of ‘mobility’ is impacting the fleet sector

Expert Panel

Following the launch of the Department of Transport’s consultation into making charge points more accessible, GreenFleet’s expert panelists give their views on the key factors that will shape the electric vehicle market’s development in the near future.

GreenFleet Expert Panel - Leasing

How can leasing and contract hire firms help with the wider role of fleet management? And what role does the industry play in driving down emissions? We ask our new expert panel for their views.

Expert Panel - Telematics

Our telematics expert panelists share their thoughts on how technology has helped drive down road emissions, how telematics grows the appeal of electric vehicles, and how autonomous vehicles could benefit fleets in the future.

Expert Panel - Electric Fleets

GreenFleet taps into the minds of its expert panel to assess the place of electric vehicles in company car fleets and what the major barriers to adoption will be moving forward.

GreenFleet Expert Panel - Connectivity

Technology is changing the way we travel. GreenFleet quizzes its telematics expert panel on how connectivity is facilitating new mobility trends, aiding fleet management, and reducing CO2 emissions.

Richard Gooding discovers that with the arrival of the eighth-generation Ford Fiesta comes a raft of driving technologies, as well as an improved interior and enhanced efficiency

Iveco Daily Blue Power range

Although the alternatively-fuelled commercial vehicle market is in its infancy, Richard Gooding drives Iveco’s range of LCVs which offer a variety of cleaner powertrains

Jaguar F-Pace R-Sport 2.0D AWD

A sporting crossover, the F-Pace was the first Jaguar SUV to marry lightweight materials to a dynamic driving experience. And, as Richard Gooding discovers, the dieting ethos also helps with efficiency

Ireland’s Dipetane Revolution is making its way across the Irish Sea, as more UK-based mechanics learn about the trusted secret ingredient of their Irish counterparts.

About GreenFleet

Media Information
Cookie Compliance
Terms and Conditions

Members of the Professional Publishers Association

Our Affiliates