Don’t let GDPR slow you down: What Fleet Managers must know about Telematics & Co.

We at PANION offer you the opportunity to switch your fleet’s drive from combustion engine to electric as efficiently as possible. To do so, our software analyses data sets from various sources, allowing you to seamlessly make the transition to an electric fleet. Because this process requires personal data (e.g., email address, license plate number) to be processed, a transparent, trustworthy and compliant handling of the data must be ensured. PANION accompanies fleet managers on their journey to an electrified fleet.

The importance of GDPR for Fleet Management

If you want to manage your fleet as efficiently as possible, it is crucial to collect and analyze vehicle and telematics data. While the data needs to be exact and precise, its quality is not the only aspect that needs to have a certain standard: Data privacy regulations play an important part, too, especially with the introduction of the GDPR by the European Union.  Fleet managers need to put in more effort to meet legal requirements, but at the same time, GDPR can offer a robust framework for what data compliance must look like.

We know GDPR is not exactly what most people think of as the fun part of fleet management, but it is elementary and inevitable when dealing with telematics data. Therefore, we at PANION believe that, to ensure data safety, fleet managers need to have access to the proper technological infrastructure. Additionally, clear processes for dealing with data breaches should be established right away from the start.

What matters the most in Fleet Management GDPR

Failure to comply with the GDPR can have serious consequences. A violation can be punished with a very high fine. On top, a data security breach might negatively impact your stakeholders’ or customers’ trust in you. Due to these possible repercussions, the following points should always be ensured:

  1. The protection of private data should be the centre of attention. That is why each employee and each of your drivers should be given the opportunity to choose for themselves whether or what third party partners or fleet managers are allowed to do with their data. Only when a person gives their explicit consent, data is allowed to be stored and processed.
  2. Companies must identify possible data security risks in advance. With the large amounts of data that are being processed in fleet management it is indispensable that companies try to find sources where data breaches might originate from. When these sources are identified early on, countermeasures can be implemented preemptively. This aspect also includes documentation of the origin of data.
  3. Companies must appoint data protection officers. There must be a data protection officer so that consumers, customers or employees have a contact person in the event of a possible data protection breach or external service providers can obtain information about data processing.
  4. There is accountability to data protection authorities. With the introduction of the EU Data Protection Regulation, there is a uniform regulation throughout Europe. Fleet managers therefore do not have to report to data protection authorities in every country in which the fleet is moved, but only in the country where the company is based.
  5. Higher levels of protection are expected. Fleet managers must ensure that the technical systems used to collect data fully comply with data protection requirements.

With these 10 questions, you can check how high the need for action regarding GDPR is

1. Do you process personal data according to GDPR?

2. Is the system you use (telematic, navigation devices, etc.) compliant with the GDPR?

3. What kind of data do you store?

4. Where and for how long is personal driver data stored?

5. Do drivers have control over the duration of data storage?

6. Do only data processing service providers have access to user data?

7. Can personal data simply be deleted?

8. Is the collected data made available to third parties?

9. Can drivers protect their personal data when they use the vehicle privately?

10. Do you work with information material that explains your data protection precautions?

As you can see, there are extensive tasks to be completed in order to implement a fleet management system that complies with data protection requirements. It is therefore all the more important that you set up some kind of “data protection roadmap” and that all stakeholders in your company are involved in the entire process as early as possible.

PANION as a key partner for data protection compliance in fleet management

PANION helps fleet managers to comply with all requirements of the GDPR and to communicate the topic of data protection transparently. For example, we support our customers in involving the works council, the data protection officer and the drivers at an early stage.

Involving the works council

The works council is responsible for safeguarding the interests of employees. Fleet managers should therefore involve this body as early as possible in the fleet data collection project. The entire project process can be worked out together with the works council.

PANION helps with this process and explains the purpose of data collection to the works council. Its purpose is not simply to electrify the company’s vehicle fleet, but to provide each employee with the best possible vehicle based on the data collected.

The vehicles or the drivers themselves serve as data sources. PANION’s experts are happy to give works councils a detailed presentation of the software in order to dispel any concerns they may have.

To enable the introduction of the PANION software, a regulation agreement can be duly agreed with the works council, e.g. in the medium or long term, via a works meeting.

Involve your data protection officer in the process

In order to make the data collection process transparent for the data protection officer as well, PANION provides important documents regarding data use and processing. These include, for example, the data protection agreement or the data privacy statement.

If a company itself becomes a “controller” according to Section 24 GDPR, additional regulations must be taken into account. PANION’s team can work with you to determine what consequences this will have for your company and your fleet management.

Involve your drivers

In order to obtain consent for data collection in a legally secure manner, it is necessary to precisely inform drivers about the manner as well as the purpose of data storage. PANION offers companies comprehensive information material, including FAQs and onboarding documents, to transparently inform vehicle users about the data collection process.

Leading fleet management to electromobility in compliance with data protection regulations

Electrification of the vehicle fleet not only presents companies with logistical challenges, but also requires comprehensive expertise when it comes to data collection. After all, this data is essential if the existing fleet is to be efficiently electrified. PANION supports corporate fleet managers in educating all key stakeholders about data collection and complying with all requirements of the GDPR throughout the transformation process.