GDPR in Conjunction with Driving Schools
New laws regarding data protection, which came into effect on 25th May 2018, will have an impact on all kinds of businesses, including the driving school industry. Driving instructors need to be aware of how this latest legislation – the General Data Protection Regulation – will influence the operation of their businesses.
What is the General Data Protection Regulation?
The General Data Protection Regulation (GDPR) is a set of new laws that addresses the handling of personal data and replaces the Data Protection Act (DPA), which was instated back in 1998. The DPA was not written with today’s technology in mind (social media platforms, for instance, were not accounted for) and was in need of a contemporary revision to bring data protection regulations up to date. Thus, GDPR was born. For now, Britain is still a part of the EU, and we must abide by these rules.
A large part of GDPR’s focus is on giving people even more protection and rights when it comes to their personal data. With that in mind, all businesses that collect any personally identifiable information (PII) about their clients must be aware of how to be compliant with the latest laws. Some examples of data that would be considered PII are: first name, last name, phone number, home address, driving licence details, and so on. Driving schools routinely collect and handle data that contains PII about their pupils, and must ensure they do so in a way that does not contravene the guidelines set out by GDPR.
Driving Schools and GDPR
It is extremely important for driving instructors to be aware of the new regulations, and make any necessary adjustments if they aren’t quite meeting them. GDPR specifically expands on data protection laws surrounding the idea of consent; ‘passive’ consent will no longer suffice. Opt-out designs and pre-ticked checkboxes are two examples of passive consent. Instead, the data subject must give consent through an active, affirmative action – this explains all the subscription emails you’ve been receiving over the past few weeks.
Any business collecting information with only passive consent must update its process or stop collecting data altogether. There are also some documents that you need in order to comply with GDPR, which set out the ways in which your driving school collects and handles data. These include: a comprehensive privacy policy, the business’s full contact details, an explanation of why you need to collect personal data, how the data will be stored, how long the data will be stored, how it will be erased, and information about the data subject’s right to erasure, right to rectification, and rights to restrict the ways in which their data is processed.
GDPR aims to ‘harmonise’ European data protection laws, and it should be taken very seriously. The punishments for breaking these laws are severe: your business can be fined up to £8.8 million or two per cent of your global turnover for a mild offence, or up to £17 million or four per cent of your global turnover for a serious offence.