On 25 May 2018, the EU General Data Protection Regulation (GDPR) will come into effect. The GDPR will replace existing national privacy laws across the 28 member states of the European Union. The GDPR can be considered as a “replacement upgrade” to these laws to include the latest opinions and judgements of the various regulators across the EU as well as the elements that are key in the online world we live in today. Effectively, this means that the majority of what is required already exists in law, so our opinion is that the GDPR should largely be considered as business as usual.*
Like previous privacy laws and regulations, the GDPR is aimed at protecting the interests and rights of individuals, while their data is used for various purposes to serve them, and serve the interests of others, for economic benefit or for the public good. The GDPR is therefore highly relevant for consideration in the workplace environment.
Here we will present a few of the important new elements in the GDPR, which in our opinion, require particular attention from TomTom Telematics customers:
The General Data Protection Regulation (GDPR) defines data as personal data of people in the EU and affects its use in terms of ‘processing’ which includes the collection, storage, transfer or use.
In our opinion, four out of six of these lawful bases are relevant to businesses; a lawful basis for processing data for TomTom Telematics could be for example explicit permission. Please be aware that the GDPR does not require permission in all events, or is even desirable, particularly in employment relationships. The GDPR provides for personal data to be used without consent, to the extent this is needed to fulfil a contract with the counterparty. It could also be that a specific law exists that requires the use of personal data. In these cases, asking for permission is not required.
As per point 6 above, the GDPR also provides for personal data to be processed without asking for consent when you have a legitimate interest to do so. Typically, this relates to detecting fraud, abuse, security issues and business analysis. This may also apply to the work environment and relate to situations which are not covered by the employment agreement, such as the various purposes for which vehicle telematics is used. Yet in those cases, in our opinion, only collect the minimum data that is needed for the purpose (to minimise the impact on the right to privacy of the individual) and make sure it is clear this data collection complies with the GDPR.
At TomTom Telematics, we help our customers to get closer to their drivers.
As a data processor, we act under the instruction of our customers to collect vehicle and driver-related information while we deliver our fleet management services through our hardware, we process this data and present it through our Apps, web-based user interfaces and APIs.
Our customers use our products for fleet optimisation, some examples of the use/purpose are as follows:
What data do we collect and process on behalf of our customers?
For interactions with our customers, for example, personal data is collected on our website, TomTom Telematics is a data controller of this data.
At TomTom Telematics we have studied the impact of the GDPR since 2012 when its first drafts were published. We have made it an integral part of how we have developed and evolved our Telematics offerings for our customers in the past years. To us, the GDPR is an evolution, not a revolution. To help with getting things right, we have established 5 core design principles:
If you have further questions on the General Data Protection Regulation please contact us here.
Find out more about the General Data Protection Regulations form the European Commission and the Information Commissioners Office (ICO) by using the links below:
At TomTom Telematics, we’re committed to the security of information and data privacy. We invest continuously in our engineering, proven technologies, processes and people to make sure we can always provide you with the most reliable telematics service on the market.
As one of the world‘s largest providers of telematics services, continual investment in our service is important. We’re always improving to make sure that we are the best partner for your business – now and in the future. For more information on data security and privacy of the TomTom Telematics service platform, learn more here.
* LEGAL DISCLAIMER: The information contained on the TomTom Telematics website is for informational purposes only and expresses our view on the subject matter. It should not be considered legal advice on the subject matter. Furthermore, the information contained on our website may not reflect the most current legal developments. You should not act upon this information without seeking legal advice.