FLEET Operations, a provider of outsourced fleet management services, is warning that many fleet industry businesses remain underprepared for the General Data Protection Regulation (GDPR).
GDPR, which comes into force on May 25, 2018, requires businesses to comply with a new set of rules designed to safeguard personal data.
One of the most significant changes means that organisations will now take responsibility for data protection breaches at any point within the supply chain.
This, says Fleet Operations, puts fleet suppliers and operators at particularly high risk due to the large amount of personal data transactions that occur within the fleet supply chain.
Brian Hardwick, Head of Operations, said:
“From our experience, it appears many organisations still have not assessed the full impact of GDPR and taken the requisite action to ensure they will be compliant.
“There exists a perception that this is a minor adjustment when, in fact, businesses need to assess their entire supply chain to ensure each link is secure.
“As a starting point, it is vital for organisations to map all data flows across the business, which means documenting all data coming in and going out, as well as the various organisations or individuals that process information at each point in the supply chain. Contracts must now be in place between the data controller and data processor in each of these data transactions covering all the requisite details outlined by GDPR.”
The consequences for failing to comply with the GDPR are high, with the maximum fine for infringements set at 20 million Euros or 4% of turnover, whichever is greater.
In this context, Hardwick insists it is the responsibility of everyone within an organisation to minimise the potential for breaches.
He added: “It is not sufficient for an organisation to simply hand all responsibility for the GDPR to a designated data controller – everyone should bear some of the burden. There are obvious data streams, such as payroll, but there are less obvious ones that include everyday emails. In this context, a breach could occur due to something as simple as copying someone into an email thread that contains data they do not have consent to view.
“That’s why it is important to communicate the new regulation – and the steps you are taking to address it – very clearly to all staff and put data protection at the centre of your organisational culture.”