4 May 2018

GDPR arrival means fleets must revalidate driver licence checking consent

More than two million drivers will be required to renew permission for their fleet decision-maker to check their driving licence with the introduction of the new General Data Protection Regulation (GDPR).

The new data protection rules come into effect from May 25, but the Driver and Vehicle Licensing Agency (DVLA) is giving fleet operators a three-month transition period, until August 25, to comply.

The new GDPR regulation applies to all private and public sector organisations processing personal data and receiving driver information from the DVLA. Employers and fleet managers, who are legally obliged to check a drivers' entitlement to drive, will be under enormous pressure to hit the August deadline, it is claimed.

To ease the burden, Association of Driving Licence Verification (ADLV) member companies, who facilitate online licence data checking, are contacting their customers to advise on the new compliance requirements.

ADLV members and their customers must satisfy themselves that the new fair processing declaration complies with the new data protection legislation and is permitted by the driver. ADLV members will advise customers on the implication of the change and how they can ensure compliance with the new DVLA requirements.

Kevin Curtis, technical director of the ADLV, said: "This is a huge shift for the DVLA and indeed the driving licence checking industry as a whole.

"From a technical and compliance perspective, all employers and third parties who are responsible for licence checking will need to be able to demonstrate that the new fair processing declaration has been signed by the driver. This will need to be stored in a way that can be audited by the DVLA to ensure compliance with the new GDPR legislation.

"This is good news for ADLV members as we are all ISO27001 accredited - and this simply raises the bar for security and data processing within the industry.

"Any companies that were not data-secure will now have to adhere to these new standards which is good for data protection and the licence checking industry as a whole."

Commenting on the changes, Malcolm Maycock, chairman of the ADLV, added: "The security of data and compliance in accordance with legislation, whether it is data protection regulations or current work-related road safety legislation, is a core business function of ADLV members.

"Whilst this is a mammoth task in a short timeframe, our members are committed to ensure that all processing is correct and complies fully with the new GDPR legislation. The good news is that the new data processing declarations will continue to remain valid for three years from the date permission is granted."