With the support of the DVLA, the ADLV (Association for Driving Licence Verification) now sees the ‘light at the end of the GDPR transition tunnel’. Recent GDPR based changes announced by the DVLA, meant that over 2 million drivers were required to grant new driving licence data check permissions to their fleet operator by the 25^th August.  After this date no scheduled rechecks can take place using the former methods putting many drivers at risk of infringing company rules and policies until they comply.

With member companies collaborating closely as the new compliance rules came into force, the vast majority of the new mandates will have been checked and processed by the deadline, but some employers remain surprisingly complacent.

The new GDPR regulation deadline which applies to all private and public sector organisations processing Personal Data from the DVLA was seen as an incredibly narrow window by many industry observers. Fleet managers, who are legally obliged to check a drivers’ entitlement to drive, were potentially under enormous pressure to hit the August deadline.  To achieve this, ADLV members and their customers needed to ensure that the new fair processing declaration required under the new data protection legislation was seen and approved by each driver.

To ease the burden, ADLV member companies, who facilitate online licence data checking, contacted their customers promptly to advise on the new compliance requirements.

According to Terry Hiles, Deputy Chair of the ADLV, “The introduction of GDPR was a major challenge for the DVLA as the Agency managing this personal data and indeed for the driving licence checking industry itself. From a compliance perspective, all employers and third parties who are responsible for licence checking are now required to demonstrate that the new fair processing declaration has been agreed by the driver. Evidence of this needs to be stored securely in a way that can subsequently be audited thoroughly by the DVLA to ensure compliance with the new GDPR obligations. This is, in fact, excellent news for ADLV members as we are all ISO27001 accredited – and, even better, it raises the bar for security and data processing within the industry. Those organisations that are not data-secure will have to meet these exacting new standards. This is good news for both data subjects and the licence checking industry as a whole.”

“Whilst the GDPR transition has proved to be a mammoth task to be executed over an exceedingly tight timeframe, our members were always committed to ensuring that any processing is correct and complies fully with the new GDPR. In large part, with the very welcome support of the DVLA, the membership has been able to achieve this… albeit there may still be some housekeeping with outstanding customers required for some time to come.”

For those people who would like an ADLV member to contact them, please visit the contact us page on the website www.adlv.co.uk

GDPR based changes announced by the DVLA, this month, mean that over 2 million drivers will be required to grant new driving licence data permission to their fleet operator. Only by complying with the new rules, which come into effect 25^th August 2018, will fleet drivers be properly checked.

The new GDPR regulation will apply to all private and public sector organisations processing Personal Data and receiving driver information from the DVLA. Employers and fleet managers, who are legally obliged to check a drivers’ entitlement to drive, will be under enormous pressure to hit the August deadline. To ease the burden, ADLV member companies, who facilitate online licence data checking, are contacting their customers to advise on the new compliance requirements.

ADLV members and their customers must satisfy themselves that the new fair processing declaration complies with the new data protection legislation and is permitted by the driver. ADLV members will advise customers on the implication of the change and how they can ensure compliance with the new DVLA requirements.

Kevin Curtis, Technical Director of the ADLV commented, “This is a huge shift for the DVLA and indeed the driving licence checking industry as a whole. From a technical and compliance perspective, all employers and third parties who are responsible for licence checking will need to be able to demonstrate that the new fair processing declaration has been signed by the driver. This will need to be stored in a way that can be audited by the DVLA to ensure compliance with the new GDPR legislation. This is good news for ADLV members as we are all ISO27001 accredited – and this simply raises the bar for security and data processing within the industry. Any companies that were not data-secure will now have to adhere to these new standards which is good for data protection and the licence checking industry as a whole.”

Commenting on the changes, Malcolm Maycock Chair of the ADLV commented, “The security of data and compliance in accordance with legislation, whether it is Data Protection regulations or current work-related road safety legislation, is a core business function of ADLV members. Whilst this is a mammoth task in a short timeframe, our members are committed to ensure that all processing is correct and complies fully with the new GDPR legislation. The good news is that the new Data Processing Declarations will continue to remain valid for 3 years from the date permission is granted.”

The Association For Driving Licence Verification (www.ADLV.co.uk ) is to work closely with the DVLA on the implementation of GDPR (General Data Protection Regulation) for the ADD service. By helping to explain the GDPR rules for its members’ fleet customers, the ADLV believes that discussions will help to define the industry standard.

The ADLV will support members with an advisory document for fleet managers, which will include such topics as:

• The content of Privacy Notices on how the data will be used and how long information can be held.
• Required Audit trails and what happens to the data afterwards.
• The right to be forgotten.
• Potential changes in the mandate and the associated terms and processes.
• Required Training Issues.

Commenting on the new regulations, Terry Hiles ADLV Director and Commercial Director of Licence Check Ltd, noted, “GDPR is going to present a challenge to a worryingly large number of businesses which have hitherto assumed that sitting beside the driver to look at their licence details using the DVLA’s service for individuals is sufficient evidence of consent. As an association, speaking to businesses of all sizes in the UK, we find that our members encounter this on a daily basis. The reality is though that this service is for the individual driver’s use only.”

Commenting on the joint discussions with the DVLA, Kevin Curtis ADLV director and Managing Director of Driving Monitor added, “GDPR is the biggest data challenge on the horizon for fleet managers. However, the ADLV will be advising our members on how to prepare fully for the changes ahead. We are delighted to be working with the DVLA as a new contract is being prepared for ADD users.”

“ADLV aim to publish a membership advisory document early in 2018 and will be available to answer queries for members online.“

For her part, Donna Jones, Senior Commercial Data Sharing Manager at DVLA Commented, “we welcome the advice that is to be given to ADLV members. The DVLA has been undertaking a detailed review of all its contracts in relation to GDPR, including the ADD contract which we expect to rollout in March 2018, in readiness for the new legislation being implemented from 25 May 2018.”