Data protection in driving licence checks
30. May 2021 | By Tim Ruhoff
With the EU General Data Protection Regulation (GDPR), which had to be implemented throughout Europe since May 2018, numerous innovations for the protection of personal data were adopted. This also affects the topic of "data protection during driver's license checks". In the following, we will present to you what you have to consider and which software solutions help you to implement the legal requirements in a legally secure manner.
Driver's license checks are essential for the fleet - data protection must be observed in the process
Owners of motor vehicles must ensure that only such persons drive their vehicles who have the necessary driving licence for it. Otherwise, there is a risk of fines or imprisonment in accordance with § 21 StVG. One means of avoiding this liability is regular driving licence checks. However, data protection must be observed when checking driving licences.
A driving licence contains personal data in accordance with Article 4 of the GDPR. When a company checks the driving licences of its employees who use company vehicles, these personal data are collected and processed.
Data protection in driving licence checks
According to the GDPR, data may only be collected in the context of a driving licence check if this is necessary in order to implement organisational, personnel and social measures, especially for human resources management purposes. Since the driving licence check serves the company to fulfil its obligations as a keeper, this can be subsumed under human resources management measures. The data collected during the driving licence check, such as name, driving licence number, date of issue and issuing authority, must be documented. However, the requirement of data minimisation in the sense of Art. 5 Para. 1 c.) DSGVO must be observed in the documentation. According to this, the vehicle owner may only document data from the driving licence that are necessary for the fulfilment of the purpose (to fulfil the owner's obligations). Vehicle owners are often advised to make a copy of the driving licence during the inspection. Since all the required information from the driving licence is already available on a questionnaire or in a system, it is not necessary to have a copy of the driving licence.
According to Article 13 (1) and (2) of the GDPR, employees must be informed by the company about the data collected. It is best for the company to have the employee confirm in writing that this information has been provided.
Furthermore, the company must ensure that, in accordance with Art. 32 DSGVO, the data is protected from access by unauthorised persons. This means that only persons entrusted with fleet management may have access to the data, whether in paper or digital form. This data must be protected from other persons, for example, by lockable cabinets or the use of passwords.
The GDPR stipulates for driving licence checks that the personal data collected may only be stored for as long as is necessary (Art. 5 (1) a.) GDPR). If this is no longer the case, it must be deleted. However, this does not mean that the old data must be deleted after each new driving licence check. This is because the vehicle owner must also prove for the past that he has fulfilled his obligations as a keeper. However, as soon as the employee no longer uses a company vehicle, the data must be destroyed.
Driving licence data protection is of great importance. As previously outlined, the vehicle owner has to comprehensively consider many regulations of the GDPR when collecting data. As data protection is not the core business of a company, there is often a lack of time and human resources to deal with the requirements of the GDPR.
Electronic driving licence control and data protection
In order to carry out the driving licence check in compliance with the GDPR, many companies opt for the electronic form through an external service provider instead of a manual driving licence check. The external software is intended to ensure that the data is collected, stored and processed in compliance with the data protection regulation during the electronic driving licence check. However, companies must be careful when selecting the provider. Not every external service provider sufficiently fulfils the requirements of the GDPR. Particularly in the case of external service providers, there is also the special feature that the personal data of the employees is stored and processed on the external servers of the provider. According to Art. 28 of the GDPR, the company that wishes to carry out the driving licence check electronically must ensure that the provider implements the GDPR when selecting the provider. This means that the provider must meet the technical and organisational requirements.
Electronic driving licence control and data protection at fleetster
With fleetster, companies are on the safe side with data protection when it comes to electronic driving licence checks. Compliance with the DSGVO has top priority for fleetster, especially for data processing. For example, there are the prescribed access controls, so that only authorised persons can view the data. Likewise, the photocopy is not archived during the electronic driving licence check, but deleted from the servers as soon as the successful check has been carried out via the Driver App. Furthermore, the data collection is designed in such a way that only the minimum of personal data is collected.
At fleetster, data protection is lived and breathed. When partners are brought on board for a comprehensive range of services, they are also subject to random checks to ensure compliance with the DSGVO.
The employees and partners of fleetster regularly receive training on the subject of data protection in order to always be up to date.
Fleetster uses only state-of-the-art encryption methods for data transmission. Whether via app or online, the data is recorded and transmitted in encrypted form. Tracking of the data is thus excluded.
Conclusion
The topic of data protection affects many areas in the context of driving licence checks. to keep the effort for companies within limits in order to be able to comply with all data protection regulations, it is advisable to transfer the topic to external providers. for this purpose, rely on fleetster when selecting providers. for fleetster, data protection is not an annoying task, it is lived. with fleetster, you receive a legally compliant solution that is checked annually. this saves you valuable time and resources for other topics in your company.