GDPR in Conjunction with Driving Schools

Driving schools are businesses that will be handling the personal data of their clients on a regular basis – as such, data protection laws have a direct effect on our business proceedings. On 25th May 2018, the previous 1998 Data Protection Act (DPA) was replaced by a revised General Data Protection Regulation (GDPR) which transforms the rules on what is an acceptable way to collect and handle people’s personal data.

It is crucial to be aware of how the GDPR could affect the running of your business, and driving schools are no exception. Much of the information taken about students, such as first name and surname, address, driving licence details, phone number, etc., would be considered personally identifiable information (PII) and as such there are strict rules of etiquette when it comes to how these are handled.

You may be wondering why the amendment to these laws was introduced. If you think about it, the original DPA was instated all the way back in 1998. Consider how much technology has transformed and evolved since then. The Internet used to be very simple, compared to the various social media platforms and websites available now. So how can you, as a driving instructor, ensure your operations align with the standards set out by GDPR?

Lots of schools which were already compliant with DPA will not need to change too drastically. However, it is important to be aware of the changed laws, and make any changes to your operations where appropriate. One way in which GDPR changes the rules surrounding data protection is by becoming more strict about consent. If your driving school website includes opt-out systems or pre-ticked checkboxes, you will need to update these. The aforementioned features would be considered ‘passive consent’ on behalf of the data subject, and now you must gain active, affirmative consent through a clear action on the data subject’s part. If you have not already changed this, then you must stop collecting the information altogether.

GDPR also increases the level of transparency necessary about how anybody’s data may be collected, how it will be used, and so on. The documents you need to have freely available are as follows:

● Privacy policy
● Full contact details for your business
● Why the data is being collected
● What you intend to do with the data
● How the data will be stored
● How long the data will be stored
● How the data will be erased
● Rights (of data subject) to access data
● Rights (of data subject) to erasure
● Rights (of data subject) to rectification
● Rights (of data subject) to restrict processing of your data

In order to make sure your driving school is fully compliant with GDPR, ensure all of the above are covered. This article is no substitute for legal advice, always speak to a professional if you are unsure. Data protection should be taken very seriously, as the punishments range from fines up to £8.8 million (or 2% of global turnover) for mild offences and up to £17 million (or 4% of global turnover) for larger breaches.

The theory test