Frequently Asked Questions concerning GDPR
Warning:
This information is not legal advice. For any questions or concerns, please, contact your legal counsel or supervisory authority.
What is GDPR?
GDPR stands for General Data Protection Regulation.
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (abbreviated as General Data Protection Regulation / GDPR) applies as of 25 May 2018.
It concerns the protection of the personal information of individuals and is applicable to the following cases:
– if the company conducts activities in the EU;
– if the processing activities are related to the offering of goods or services to individuals in the EU;
– if the monitoring of behavior of individuals takes place in the EU;
– if the EU law is applicable to the activities of the company.
Important:
GDPR is not applicable to anonymous information, namely information that does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable. This includes information that is used for statistical or research purposes, as GDPR does not cover the processing of this type of information.
Is GDPR applicable to activities of my company?
First of all, you should clarify whether GDPR is generally applicable to your company’s activities (see question 1). Then, you should identify if your company processes personal data.
According to GDPR, “Personal Data” means any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
According to GDPR, “Processing” means any operation or set of operations that are performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
According to GDPR, “Controller” means the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data.
According to GDPR, “Processor” means a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.
Example 1. GDPR is applicable if you are an employer and monitor the location of the cars that belong to or are assigned to your particular employees. The data can include not just the vehicle’s location but the employee’s location as well. In this case, the data derived from the vehicle can help to identify the individual and their location.
Example 2. GDPR is inapplicable if you monitor the location of the cars that are linked to the company’s IP address and cannot be attributed to a particular person.
In order to decide whether there is a sufficient probability that the collected data will be used to identify an individual, all objective factors should be taken into account, such as the cost and amount of time required for identification, taking into account available technologies at the time of processing and technological developments.
This question is important because your company may be required to perform certain actions in accordance with the GDPR (see question 5). We recommend that you contact your local legal adviser or supervisory authority to determine whether the GDPR applies to your company’s activities.
Is GDPR applicable to activities of Pilot Telematics?
Pilot Telematics does not process any personally identifiable data of the end users of its partners.
However, in cases when partner of Pilot Telematics processes personal data using Pilot software, Pilot Telematics may act as a processor under GDPR (see question 6).
What actions does Pilot Telematics take to comply with GDPR?
Pilot Telematics takes all the necessary technical and organizational measures to comply with GDPR.
How does Pilot Telematics obtain consent to process personal data from the end-users of its products?
Pilot Telematics does not obtain consent from its partners’ clients. In case your company processes personal data (see question 2), Pilot Telematics is obliged to:
– Take certain actions to comply with GDPR;
– Ensure that it has a valid Data Protection Agreement with your company;
– Perform the obligations of the processor under Article 28 of GDPR.
What actions should my company take to comply with GDPR?
If your company is considered to be a controller or processor under GDPR (see question 2), you are obliged to perform certain actions under Articles 24–34 of GDPR.
The description of actions is also available here: https://ec.europa.eu/justice/smedataprotect/index_en.htm#target-4
Will I be subject to a fine if my company’s actions are not in compliance with GDPR?
Each supervisory authority shall ensure that the imposition of administrative fines with regard to GDPR is effective, proportionate, and dissuasive in each individual case.
The powers of the supervisory authority are detailed in Article 58 of GDPR.
How to connect Pilot?
Contact us
CONTACTS
Our Email
Flat 2005, Sliver Tower, Al khaleej Road, Business Bay Metro Station, Dubai, United Arab Emirates, 27795
Get the fresh news from our company
Contact us
Our Email
CONTACTS
Flat 2005, Sliver Tower, Al khaleej Road, Business Bay Metro Station, Dubai, United Arab Emirates, 27795
Get the fresh news from our company