GDPR in Conjunction with Driving Schools

Driving schools are just one of many industries that are affected by the latest GDPR legislation – an acronym for General Data Protection Regulation – which the EU introduced. This was put in place on 25th May 2018, and any business that collects, records or handles any type of personally identifiable information (PII), also known as personal data, about clients or customers must follow it. It applies to all European countries, which Britain still currently is.

There are five main things that driving schools and instructors need to know about GDPR in relation to their businesses.

1. GDPR’s Origins

GDPR intends to serve as a revision and update to the previous data protection laws: the 1998 Data Protection Act. In over two decades, so much has changed when it comes to technology, access to and availability of information, and the Internet itself. It is clear why a modern revisit of data protection laws was needed.

GDPR also outlines some of its official aims in an EU statement, including the goal to “harmonize” data protection laws throughout Europe, and to increase the rights and protection of individuals in reference to their personal data.

2. Personal Data and Our Industry

Driving schools use and record a lot of personal data about our students, customers and users of our website. There are lots of different types of PII, but some examples of PII that driving instructors handle on a routine basis are: their pupil’s first names and surnames, home address, contact telephone number, driving licence information, and more. Any time you handle any type of PII, you must follow GDPR guidelines.

3. GDPR and Consent

The DPA did not delve into a lot of detail about consent, and as such, passive consent was perfectly fine and legal to obtain from data subjects. The GDPR amends this, reframing consent from something that can be passive into a clear action that is active and affirmative on part of the data subject. This excludes opt-out subscription schemes and pre-ticked checkboxes as viable forms of consent, so if you still only gain passive consent, you are breaching GDPR.

4. Documents About Personal Data

GDPR states that you must have the following information regarding personal data accessible in the form of documents: a detailed explanation of why you need to collect PII from the data subject, an explanation of how you will use this data, how the data will be stored, for how long the data will be stored, and how the data will be erased. Some other documents you need to have are a comprehensive privacy policy and full contact details.

5. Rights of Data Subject

You also need documents that outline the rights of the data subject on your driving school’s website, for your clients and website users to easily locate. These rights are: the right to access personal data, the right to rectify the personal data, the right to restrict the ways in which their personal data is processed and the right to erasure of personal data.

Kelvin White Driving School has been providing local driving lessons in Somerset since 2001 and currently operate in the following towns:

Bridgwater, Taunton, Wellington, Ilminster, Tiverton, Dulverton, Minehead,  Exeter , Somerton. Weston Super Mare.

Burnham On Sea.

The theory test