This required all businesses and organisations that handle personal data to enhance the way they store, manage and use that information. To this day, it requires strict accordance from all data controllers and processors.
At Teletrac Navman, we have a dedicated team committed to ensuring all of our systems, processes and services are designed to enable our customers to achieve GDPR compliance.
Below, we’ve listed some of the most commonly asked GDPR questions we receive from our customers, along with an explanation of what this really means and how our DIRECTOR platform directly supports you maintaining GDPR compliance.
What GDPR says |
How DIRECTOR supports you |
|
User Role Access |
Under the GDPR, businesses have a general obligation to implement technical and organisational measures to demonstrate they have considered and integrated data protection into processing activities |
The ability to view any data in the DIRECTOR platform is strictly limited to registered system users. Each user may be assigned a role which determines their access to data visibility through a flexible range of permissions. Customers with more complex requirements can manage their own team's user access with our full administrator control. This extended functionality allows customers to independently control users roles, reset passwords and disable users.
|
Account Logon |
Privacy by design has always been a implicit requirement of data protection |
Passwords used to access the DIRECTOR platform are fully encrpted and not available to view.
|
Driver Deletion |
GDPR addresses the right an individual has to have his/her own personal data 'forgotten.' Data controllers should have a process in place in the event this request is made so that it can be dealt with in a timely manner. |
The DIRECTOR platform offers the functionality to delete a 'Driver' which would include email and telephone number if they are present.
|
Business/Private Mileage |
Individuals have the right to request the restriction or suppression of their personal data. Again, data controllers should have a process in place in the event of this request. |
The DIRECTOR platform allows drivers to toggle between private and business tracking mode. During a period of privacy, the location of the vehicle is unavailable, although the system does continue to collect mileage for vehicle maintenance purposes and driver behaviour data for safety monitoring reasons.
|
Data Retention and International Data Transfers |
GDPR stipulates that any personal data should not be held longer than necessary and must be stored in a secure environment and transfers outside the EU have strict requirements. |
All DIRECTOR data is held on encrpyted storage discs in cloud hosted data centres located in the EU. The data retention period is a rolling 36 months. |
It is certainly a step up from the previous legislation, but for responsible businesses, GDPR compliance is a matter of evolving existing processes, rather than adopting a completely new strategy.
We hope this information was helpful to you and we recommend that everyone in all areas of your business or organisation takes some time to learn more about the laws. Ensuring every single person is aware of GDPR and its possible implications is the best place to implement a compliant strategy.
To assist us all, the ICO has published a number of guides and checklists which are all freely available on their website. There is also no substitute to seeking independent legal advice specific to your business especially when performing your Privacy Impact Assessments or determining what readiness steps are appropriate for your operations.
Disclaimer: The information herein is for general guidance and is not legal advice. If you need more details on your obligations under GDPR and about what action to take, please contact an adviser or lawyer.
