GDPR based changes announced by the DVLA, this month, mean that over 2 million drivers will be required to grant new driving licence data permission to their fleet operator. Only by complying with the new rules, which come into effect 25th August 2018, will fleet drivers be properly checked.
The new GDPR regulation will apply to all private and public sector organisations processing Personal Data and receiving driver information from the DVLA. Employers and fleet managers, who are legally obliged to check a drivers’ entitlement to drive, will be under enormous pressure to hit the August deadline. To ease the burden, ADLV member companies, who facilitate online licence data checking, are contacting their customers to advise on the new compliance requirements.
ADLV members and their customers must satisfy themselves that the new fair processing declaration complies with the new data protection legislation and is permitted by the driver. ADLV members will advise customers on the implication of the change and how they can ensure compliance with the new DVLA requirements.
Kevin Curtis, Technical Director of the ADLV commented, “This is a huge shift for the DVLA and indeed the driving licence checking industry as a whole. From a technical and compliance perspective, all employers and third parties who are responsible for licence checking will need to be able to demonstrate that the new fair processing declaration has been signed by the driver. This will need to be stored in a way that can be audited by the DVLA to ensure compliance with the new GDPR legislation. This is good news for ADLV members as we are all ISO27001 accredited – and this simply raises the bar for security and data processing within the industry. Any companies that were not data-secure will now have to adhere to these new standards which is good for data protection and the licence checking industry as a whole.”
Commenting on the changes, Malcolm Maycock Chair of the ADLV commented, “The security of data and compliance in accordance with legislation, whether it is Data Protection regulations or current work-related road safety legislation, is a core business function of ADLV members. Whilst this is a mammoth task in a short timeframe, our members are committed to ensure that all processing is correct and complies fully with the new GDPR legislation. The good news is that the new Data Processing Declarations will continue to remain valid for 3 years from the date permission is granted.”