GDPR Compliance

Data privacy, Personally Identifiable Information (PII) and GPS technology

In a GPS-based location tracking system, the following types of personal data are collected and processed to achieve efficiency in travel time and fuel consumption, among others, and to give the client access to the fleet analytics. The data includes, but is not limited to:

  • Date/time stamp of travel

  • Speed & Fuel data collected at regular intervals

  • Location data collected at regular intervals

  • Vehicle driver’s contact details, for driver identification

  • Foreground services on the mobile device, to send attachment data to the server

  • Camera, to upload images while adding a vehicle to the system

  • Read Contacts in the mobile application, used to share location with a specific number

  • Wi-Fi state, to check the internet connection needed to access the application

GDPR compliance for GPS/Location data services

For fleet management companies operating in certain jurisdictions like the European Union, USA, Canada, UK, Australia and Singapore, privacy laws regulate the collection, usage and storing of data that reveals the precise geo-location of the vehicle and, in turn, of the vehicle driver.

GPS information or location data is considered part of personally identifiable information (PII) because location data, when coupled with other information, may lead to the identification of the individual. If you are already using a location tracking service, or are planning to implement a GPS tracking solution for your fleet, you might need to ask your vendor about the location tracking solution’s compliance with the EU-GDPR, since location data is normally collected with other PII like the driver’s name.

How Uffizio can help comply with GDPR:

For fleet owners who are considering implementing a cutting-edge GPS solution without breaching the privacy of their vehicle drivers, it becomes a necessity to verify the solution provider’s data privacy controls. Uffizio has integrated a world-class Privacy Management System in its location tracking solutions to stay in compliance with GDPR at all times.

Uffizio’s Privacy Information Management System ensures:

  1. All personally identifiable information is end-to-end encrypted.

    All the data sent from the GPS device of the vehicle to Uffizio’s data cloud is encrypted (encryption on transmission/encryption of data in motion).

    Once processed, the data is also encrypted on the disk, so that in case of a data breach, the data remains unusable (encryption of data at rest).

  2. Data minimization

    Uffizio’s solution is designed to collect only data that is necessary for the purposes of collection (the services being offered to the client). Minimal data collection means minimal risks posed by personal data.

  3. Third-party transfers

    Like any other business, Uffizio leverages partnerships with vendors for storage and processing of location data. To safeguard data privacy, Uffizio has vendor risk management procedures to ensure that all vendors are vetted for privacy protection. For critical vendors who may access the data as a part of service delivery, Uffizio uses Data Processing Addendums (DPAs) in conjunction with standard clauses to enforce best privacy practices on the vendors.

  4. Privacy by Design

    The product development team at Uffizio follows the ‘7 foundational principles of Privacy by Design’ in the product development process. This ensures the solution built by Uffizio not only brings value to the client’s business but also mitigates the privacy risks of such a solution.

For more information on our GPS solutions that comply with global privacy regulations including EU-GDPR, CCPA (California), PDPA (Singapore) and LGPD (Brazil), please contact us today and request a comprehensive report of data privacy practices at Uffizio.