Gaining Driver Permission 3 years on from GDPR

It's almost 3 years since the introduction of the GDPR which can only mean one thing... it's time to start the permission acquisition process all over again. Our blog outlines what has changed since 2018 and how to prepare to gain consent from your drivers effectively and ahead of time.

Gaining Driver Permission 3 years on from GDPR

Remember when the only thing we were concerned about was the imminent introduction of the GDPR? Fast forward 3 years, throw in Brexit and a worldwide pandemic and GDPR may now seem like a welcome distraction. But is GDPR something we should be worrying about once more? How has Brexit affected the legislation? What does this mean when accessing driver data?

Getting your permission process under control

It was 2018 and a sense of dread was setting in amongst fleet managers, and anyone responsible for gaining driver permission to carry out licence checks. Why? The introduction of the GDPR meant that it was necessary to re-mandate ALL company drivers, vocational and otherwise, so that DVLA driver records could be accessed correctly with the updated authorisation in place. The reason for the unease was clear; historically the task of gaining permission from a single driver was as time consuming as it was laborious, and quite frankly having to carry out the task across an entire workforce was enough to get the blood pressure soaring. A collective sigh of relief could be heard when the task was finally completed and thankfully didn’t need to be revisited for another three years….

Hello 2021

Here are we are almost three years later and it’s time to once again address the topic of driver permission as we get closer to celebrating GDPR’s third birthday which means it is very likely that a proportion of your driver consent will soon expire. So, what’s different this time round?

GDPR is an EU regulation so does it still apply post Brexit?

In short yes it does. Whilst the EU GDPR is an EU regulation and will no longer apply to the UK, the principles have been incorporated into UK data protection law as the UK GDPR. It’s important to note however that businesses operating or offering goods or services in the EEA (European Economic Area) may need to continue to comply with the EU regulation as well.

Gaining Permission Effectively

Many years ago the only way of gaining driver consent was with a wet signature on a paper form. Thankfully, licence checking software has come a long way since then and many providers now offer countless ways to gain consent – most of which are fully digital. Take DAVIS for example, we offer 5 (soon to be 6) methods of capturing driver permission….

  • E – Permission (our most popular method) is managed entirely by DAVIS and requires very little manual input, as the system generates automatic emails to drivers
  • App – using QuickCheck technology, driving licences can be scanned using a smart phone requiring next to no manual data entry
  • On Site – for situations where drivers report to a depot/location and have a mobile phone to receive a pin code to authorise the check
  • Paper based mandate – believe it or not, paper mandates are still requested and therefore this option is offered within DAVIS
  • CDR – countertop device where a driving licence is dropped in, scanned and data captured, minimising the need for manual data entry and includes an added benefit of checking for a counterfeit licence
  • NEW SMS Permission – coming soon, this new method of permission is one of our fastest methods, can be carried out remotely (rather than being face to face) and is simpler and more accessible for drivers

Who controls the data?

There are two primary roles when handling data – Data Owner and Data Processor. The employer/organisation that requests the data (for example driving licence details) is by rights the Data Controller and they are responsible for ensuring that the purpose for obtaining the data is legitimate and remains necessary, relevant and up to date. A third party provider, such as a licence checking service takes on the role of Data Processor and is required to act in accordance with written instructions, whilst at all times staying within the legislative guidelines.

For some licence checking providers, control of personal data is shared with the employer/organisation. The DAVIS approach is somewhat different as it is our aim to make the role of Data Controller absolutely clear by giving clients full control over their data which we believe gives our clients more autonomy. This enables the data to be managed directly so data records can be archived or deleted instantly by the employer/organisation without reliance on a third party provider.

Next Steps

It’s important to prepare and get a good understanding of your driver data now so that you can plan ahead and avoid a last minute rush the month (at best!) before permission expires. Use reports that are available to you to understand when your permission expiry peak is. You can then make an informed decision about how to timetable and resource the task. Your service provider should be in a position to provide this information. For those already using DAVIS, there are various reports where you can identify the drivers whose permission is about to expire in the standard report libraries.

Time to Switch?

Gaining driver consent doesn’t have to be a headache and actually presents a timely opportunity to review the offering from your current provider and switch if you find a smarter, more efficient partner for your driver risk management.