Data privacy in transport – The checklist you should know about
Data is becoming an increasingly important aspect of transport. Personal data (such as driver card numbers and location data) is often included in the data collected from assets: leading to an increased risk of involuntary data legislation violations.
\nIt is therefore vital that transport companies are compliant with data legislation. Being compliant means that:
\n- \n
- There is sufficient reason and expedience to be allowed to collect data. \n
- That there are no other real ways that will lead to the same result. \n
Since this is a common issue within the transport world and most face difficulty assessing if the right considerations are being made, we have developed a checklist to help you through the process.
\nHow do we view ‘privacy’?
\nAt an organisational level:
\nApply the ‘need to know principle’: ensure that only the people who must have specific insights have access to the correlating data to be able to fulfill their tasks and duty.
\nThis means that; if the workshop needs to know the location of an asset, the only data they need access to is its location. The workshop does not need to know which driver is driving the vehicle.
\nOn the other hand drivers should at any time have easy access to their own personal and performance data. This can be done via smartphone apps or driver reports sent by email. Drivers that are no longer employed within a company are removed from the system or anonymized; this should be done automatically to eliminate the risk of human error, and removal is guaranteed.
\nAt a system level:
\n- \n
- Period for retention of data\n
- \n
- Driving data should be stored for the period when it is used. If coaching is held on a daily or weekly basis, a retention period of 2 to 3 months is justified. However, after this period, data can only be used to identify trends. At this stage underlying data can be removed and only trends retained. \n
- Data of drivers and charters is deleted automatically. \n
\n - Data that is sent and stored in encrypted form. \n
- Data quality & comparability: \n
- \n
- The driving behaviour scores are adjusted for different forms of distribution routes. Having a system that registers driving behaviour independently of distribution type is important and can lead to different scoring which is fair on drivers. \n
- Driver behaviour coaching can also be dependent on results of the data collected and interpreted by a platform. It is therefore important that the type of operation (distribution type) drivers undertake is taken into account when comparing driving behaviour. If drivers are working different forms of distribution, you cannot hold this against them: always compare apples with apples. \n
\n
Customers:
\nCustomers are informed that data is collected on their own terrain. However they are given the option to opt-out of this by choosing to exclude collection of data such as dashcam footage for specific points of interests/locations, therefore excluding it from being presented on the Dashboard. All data shown to clients is also on a need to know basis: if truck- location information is important to the particular Dashboard user, no information on who is driving it will be shown.
\nWant to be sure you are fulfilling your data protection legal obligations and have peace of mind? Reach out to us today!
\n"
Data is becoming an increasingly important aspect of transport. Personal data (such as driver card numbers and location data) is often included in the data collected from assets: leading to an increased risk of involuntary data legislation violations.
It is therefore vital that transport companies are compliant with data legislation. Being compliant means that:
- There is sufficient reason and expedience to be allowed to collect data.
- That there are no other real ways that will lead to the same result.
Since this is a common issue within the transport world and most face difficulty assessing if the right considerations are being made, we have developed a checklist to help you through the process.
How do we view ‘privacy’?
At an organisational level:
Apply the ‘need to know principle’: ensure that only the people who must have specific insights have access to the correlating data to be able to fulfill their tasks and duty.
This means that; if the workshop needs to know the location of an asset, the only data they need access to is its location. The workshop does not need to know which driver is driving the vehicle.
On the other hand drivers should at any time have easy access to their own personal and performance data. This can be done via smartphone apps or driver reports sent by email. Drivers that are no longer employed within a company are removed from the system or anonymized; this should be done automatically to eliminate the risk of human error, and removal is guaranteed.
At a system level:
- Period for retention of data
- Driving data should be stored for the period when it is used. If coaching is held on a daily or weekly basis, a retention period of 2 to 3 months is justified. However, after this period, data can only be used to identify trends. At this stage underlying data can be removed and only trends retained.
- Data of drivers and charters is deleted automatically.
- Data that is sent and stored in encrypted form.
- Data quality & comparability:
- The driving behaviour scores are adjusted for different forms of distribution routes. Having a system that registers driving behaviour independently of distribution type is important and can lead to different scoring which is fair on drivers.
- Driver behaviour coaching can also be dependent on results of the data collected and interpreted by a platform. It is therefore important that the type of operation (distribution type) drivers undertake is taken into account when comparing driving behaviour. If drivers are working different forms of distribution, you cannot hold this against them: always compare apples with apples.
Customers:
Customers are informed that data is collected on their own terrain. However they are given the option to opt-out of this by choosing to exclude collection of data such as dashcam footage for specific points of interests/locations, therefore excluding it from being presented on the Dashboard. All data shown to clients is also on a need to know basis: if truck- location information is important to the particular Dashboard user, no information on who is driving it will be shown.
Want to be sure you are fulfilling your data protection legal obligations and have peace of mind? Reach out to us today!
.png%3Fheight=247&name=unnamed (2).png)
