Data protection law has changed. The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).
Any company, big or small, will need to be aware of the new regulations regarding the secure collection, storage and usage of personal information and how they relate to their business. But the good news is that the GDPR recognises that smaller businesses require different treatment to large or public enterprises.
Read our GDPR Guide to help you get your head around all of the updates made.
We have also compiled a list of some useful links from the Information Commissioner’s Office (ICO) for you to look at.
While this is not an exhaustive list, the aim is to point you in the right direction:
- Head to the ICO for their guide to GDPR which goes into depth providing useful information. It’s not short, but it is helpful!
- Check whether you need to register with the Information Commissioners Office (ICO)
- If you’ve had enough reading, watch their video which leads you through their 8 steps you should undertake to meet GDPR guidelines.
- This document is particularly useful if you’re unsure about the use of cameras.
Privacy Policy
Ensure you have a Privacy Policy in place – here’s a good sample Privacy Policy to use as a starting point from Invest Northern Ireland, the official online channel for business advice and guidance in Northern Ireland. You’ll find several sample Privacy Policies around if you do a quick Google search, so you don’t have to use this one, but it might be useful to give you an idea of the sort of things to include.
We have been informed by DVSA that the ICO will be updating their own information and FAQs to include specific guidance for ADIs, so keep your eyes peeled for this in due course.
2 thoughts on “DIA GDPR Guide 2018”
I have read through this and a number of other pages offering advice. You make the assumption that all driving instructors do training.
Training is usually to a group not a individual. You are telling us to register to protect yourself in case you got it wrong. I am not registering I am complying only. No one can sort this as the regulations are so open as they try to deal with individuals and multi national companies.
I see lots of posts on social media where an instructor has taken a photo of a client with their pass certificate in clear view after passing their driving tests.
This must have a GDPR implication as there are personal details on view with a photo of the person and often the name of the individual is clearly stated in the social media post.
I don’t think that sole trader ADIs realise what they’re doing, probably through lack of awareness. Larger brands must make their employees and franchise holders aware of the rules and demonstrate due diligence appropriately.
What does the DIA think?