GDPR in Conjunction with Driving Schools

GDPR is an acronym for General Data Protection Regulation, which refers to the new set of European data protection laws that came into effect on the 25th May 2018. Until Britain officially leaves the EU, compliance with these latest regulations is required. Driving instructors, students and examiners are likely to wonder, how will GDPR have an impact on UK driving schools?

Most industries will experience some effect as a result of this legislation, but notably the automotive industry. These new laws will be replacing the Data Protection Act (DPA), established in 1998, which has become outdated as technology continues to progress. The new laws are more up-to-date, and now take into consideration things like social media, and grant individuals with more rights and protection when it comes to their personal data. The official EU GDPR statement comments on their aim of “harmonizing” data protection laws across Europe.

Driving schools will be collecting and storing personally identifiable information (PII) about their pupils, including but not limited to: first name and surname, address, telephone number, driving licence details, etc., and as such, GDPR applies to how this information is handled. Driving schools that were already fully compliant with the DPA are unlikely to have to change much in this regard, but there are other aspects that have changed dramatically under the newest regulations, and it is vital that you are able to adhere to these.

GDPR has reframed the concept of consent, so that consent must always be given as an active, affirmative action by the data subject. This is why you will have had so many emails from websites and businesses asking if you would still like to receive messages from them. ‘Passive’ consent does not meet this criteria, such as pre-ticked boxes or opt-out designs, and if your driving school newsletter or online subscription service only gained passive consent, it will have to be updated or you will have to stop collecting this information altogether.

There are some documents that your driving school should have in order to follow the guidelines set out by the GDPR. These include: a privacy policy that provides information about data processing, a document explaining why you need to collect PII from your pupils, a document informing pupils of what you intend to do with their PII, how long the data will be stored and how it will be stored, how their data will be erased, an outline of your pupils’ rights to access, erasure, rectification and their rights to restrict the processing of their data, and the contact details for your business clearly set out.

You might be wondering how your driving school could be penalised if it fails to comply with GDPR in any respect. Data protection charges should not be taken lightly. Your business could receive a fine of up to £8.8 million, or two per cent of your firm’s global turnover. More severe breaches of the regulations can lead to fines of up to a hefty £17 million, or four per cent of your firm’s global turnover.

Learn more about the theory test