We’ve compiled a list of the top ten things you need to know about how GDPR is affecting driving licence checks including what you (and your service provider) needs to do to ensure your organisation is compliant.
The General Data Protection Regulation
GDPR… 4 little letters with a very large impact and you’re probably tired of hearing about it. But GDPR is here to stay so it pays to be proactive when it comes to updating your processes and understanding what role your service provider plays in keeping on top of data compliance.
But without further ado, let’s get down to the 10 things you need to know about GDPR & checking driving licences:
1. An organisation must still obtain permission from its employees to access their DVLA driver record, whether this is provided on paper or digitally. Whilst this isn’t a new concept, the way that the permission is gained, and the associated paperwork that comes with it, changed from May 25th.
2. From May 25th, the legal justification for employers making an enquiry ceases to be based upon driver consent and will instead focus upon the obligation placed upon employers to ensure that employees driving in the course of their work are legally entitled to do so, as part of their duty of care requirement.
3. The new authorisation will be valid for three years, as per the existing driver mandate.
4. The D796/ADD mandate form and current method of E-consent has been replaced from 25th May, and from 25th August has been no longer be valid for further use.
5. A new D906/ADD form was issued by the DVLA which has a different terminology and has been live since 25th May.
6. The DVLA allowed a short period of grace to employers to collect the new permissions. DVLA driving licence checks carried out via a third party service provider can ONLY take place after 25th August IF permission has been obtained by the new method – the D906/ADD Fair Processing Declaration form or e-permission.
7. Organisations are at risk of failing to meet their own compliance standards if the new driver permission has not been obtained before the next scheduled check after 25th August.
8. If your organisation is carrying out driving licence checks via a third party service provider, ask your supplier to confirm whether the GDPR compliant permission process is available.
9. How should you obtain this new GDPR permission? You have two choices. You might choose to convert ALL of your drivers in one fell swoop using the new method of permission. The benefit of knowing that all of your drivers are GDPR compliant from a specific date might help reassure your senior managers that this necessary task has been completed.
10. If that seems like too much of a headache, you can always choose the second route which is to secure the new permission as and when the next check is scheduled. This takes a steadier approach to being GDPR compliant and may work better for your particular employer.
Need further advice? We’re here to help. We offer many solutions for onboarding drivers quickly and efficiently. DAVIS Check Station for example carries out the complete check, with GDPR permission included, in a single process, taking just seconds. What’s more, DAVIS Check Station checks for counterfeit licences so your driver compliance is further enhanced by having an additional security check.
If you are interested in fulfilling compliance and minimising risk, request a free, no-obligation quote or take a look at our solutions.
