GDPR and what it means for GPS tracking

The general regulation for data protection called GDPR has been one of the main topics lately and we are no exception. Our company due to the nature of our work that is based on GPS technology and data collection, used this opportunity to further improve in the area of data protection. In the following article we will in short introduce how we have made our GPS tracking system sledenje.com GDPR compliant and what that means for your, our client.

What is GDPR?

GDPR or General Data Protection Regulation is a European Union regulative 2016/679 by the order of the European parliament and the Council for the protection of individuals with regard to the processing of personal data and free movement of data. It replaces the Data Protection Directive 95/46/EC and was designed to unify data privacy laws across Europe. GDPR came into effect on May 25^th 2018[1].

Every individual has the right to the protection of personal and sensitive data because personal data protection is defined as a basic right. GDPR ensures equal rights and data privacy of all EU citizens and aims to reshape the way organizations across the region approach data privacy. It places a big emphasis on the principle of responsibility and demands a preventive and proactive approach by recipients[2] as well as the processors[3] of personal information. In the case of GPS tracking that means you our client and us, the GPS tracking system provider.

What is personal data and it’s processing?

Personal data is any kind of data that is connected to a specific or specified individual, meaning an individual, whose identity can be directly or indirectly determined based on a specific indicator such as a name, identification number, location, web identifier or by naming one or more parameters that are specific to that person and their identity either physically, physiologically, genetically, mentally, economically, or culturally.[4]

Processing of personal data is any act or a set of acts connected with personal data that are performed with means of automatization or without.

What is the link between personal data and GPS technology?

In a GPS tracking system, the following kind of personal data is being processed, that clients have access to with an assigned username and password.

• Date, time, and location of vehicle drives,
  

  Data protection

• Date, time, and location of vehicle stops,
• Vehicle driver in the case of driver identification.

What elements make the system sledenje.com GDPR capable?

Based on the classified nature of data acquired with GPS technology our company has been adamant in applying the appropriate technical and organizational tools, expert knowledge and dependability to everything we do. This way we can guarantee the appropriate level of personal data protection as well as the protection of all other collected data with the help of GPS technology.

We would like to point out several activities that make the system sledenje.com GDPR capable.

• The preparation of a contract for personal data processing and protection as an addition to the general contract for using the system sledenje.com. This legal act specifies the exact rights and responsibilities when it comes to personal data processing.
• As an organization we work in accordance with all the accepted technical and organizational acts that guarantee the appropriate level of security.
  • Safety of office space, hardware and software equipment,
  • Regulations to prevent unauthorized access to data,
  • Limited access to sledenje.com system with username and password,
  • Protocols to make sure assigning user accounts can only be done by the authorized personnel on the side of the client,
  • Allowing only the assigned user to change their own login information,
  • The data acquired by the GPS device is automatically stored into the information system and its’ database. The data is encrypted, anonymous, and accessible only to the authorized user with a specific username and password,
  • Termination of data processing immediately after the purpose/basis for data processing is completed, terminated, or requested by the client,
  • Traceability and an audit trail that ensures the tracking of user activity within the system.

Changes on the level of user applications

We are also introducing certain improvements on the level of user applications, that were brought upon by GDPR. These improvements allow even more autonomy for our clients when it comes to their fleet administration. With the acknowledgement that being independent is very important for our clients s-Admin allows the following.

• Independent and automatic user account management,
• Independent assignment of level user access,
• Independent fleet identification management.

At Sledenje we have been dedicated to safe collection, processing, and storage of data from the very beginning because we know that is the only way to ensure that our client receive the level of service they willingly deserve.

The above-mentioned improvements will be introduced to you by our team of experts. We also encourage you to contact us if you have any additional questions or interest for more information.

Sincerely, team Sledenje

 

[1] Access via website: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN

[2]‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.

[3]‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

[4] 4^th act of GDPR