How to meet GDPR in terms of GPS tracking and telematics

On 25th of May 2018 the EU General Data Protection Regulation (GDPR) comes into force. In spite of the fact that lots of emailings and posts with buzzy GDPR concerns catch our eyes, providers still have lots of questions and doubts whether their GPS tracking and telematics service is able to handle user private data in a proper way or not. To make the question more clear we will shine a light on it, show what tools Navixy offers and give several recommendations to our partners. Please, learn more from the article.

GDPR in a nutshell

The regulation will force companies to be remarkably careful when handling personal data. Rules for the data protection are applied to companies inside and outside the EU. It means that it doesn’t matter where your company is located. If you offer services to European citizens, GDPR compliance is your duty.

So, let’s summarize the most important principles and requirements regarding the management of personal data:

• Confidentiality and integrity: personal data should be processed in a manner that ensures appropriate security, including protection against unauthorized use
• Lawfulness, fairness, and transparency: personal data should be processed in a lawful, fair and transparent manner
• Limited purpose: personal data should be collected for specified, explicit and legitimate purposes and not further processed in a way not compatible with those purposes
• Data minimization: the collection of personal data should be limited and data collected must be relevant to accomplish a specific purpose
• Accuracy: personal data stored and managed should be accurate and, where necessary, kept up to date
• Storage limitation: personal data shouldn’t be kept for longer than is necessary and must be deleted on user’s request
• Staff training: It is important staff feel both qualified but also empowered to flag data breaches or possible issues

How the regulation affects GPS tracking and telematics

First let’s define, what personal data is in terms of GDPR.

Personal data is any piece of data that can lead to the identification of a living individual – whether that be directly (i.e. name, email, address etc.) or indirectly through the online and offline information you possess. All these can be completely applied to a GPS and telematics service, because your customers transfer to you such data as: email, customer ID, location, speed, etc. In other words, all the GPS and telematics data you obtain from European customers is directly relevant to GDPR.

10 facts and tools about data security with Navixy

Our company clearly understands the importance of the law and supports its implementation. Therefore, we have been making steps to prepare the platform and our partners as well:

1. Navixy servers are located at the secure data centre with Tier III Uptime Institute certification
2. The servers are protected from various kinds of vulnerabilities, including Meltdown and Specter
3. The software has been regularly updated to keep the private data security level high
4. Our company exploits modern data encryption methods, such as: end-to-end, TLS
5. All the employees has been trained how to spot potential data threats and take security measures
6. You can always specify for how long the private data of their users will be stored. You are able to set the storage period while creating customer tariff plans in your Admin Panel. After this period, the data will be automatically deleted

7. Your customers can browse their personal data (name, email, account ID, etc) in the profile settings at any time

8. If a user decided to correct or delete (partially or completely) his/her private data from the platform, he/she can conveniently contact you via special help section right from the user account interface

9. It will be possible soon to display your own Privacy Policy and Terms of Service on the login page by filling out one of the Admin panel fields

10. And, of course, we have recently updated our Privacy Policy, please read it here.

Summary and recommendations

Here is the list of recommendations our Partners may use in order to secure private data properly and make this process clear to the customer.

• Update your Privacy Policy and Terms of Service. Add the link into the Admin Panel to display your policy and terms on the login page of your service (like it was mentioned above)
• Collect consent from users to process their personal data
• Train your employees about the ways they should handle Personal Data of your users
• Inform your users on how they can browse their personal data and swifty contact you in case they need to request any changes to their personal information.
• Make sure that you follow your customer requests and react fast on deleting or making changes to the personal data
• Manage history storage period of your customers by creating tariff plans in Admin Panel.
• Add SSL certificate to your monitoring service domain name. SSL encryption is an established way to encrypt and protect web traffic between your users and your service, eliminating the possibility that someone with malicious intent can intercept the web traffic and possibly get some sensitive information about your users.

If you still have any questions concerning the impending regulation and steps you should take for being ready, please contact our sales department.