The implementation of the GDPR affects almost all companies, as already explained in our article GDPR: Am I affected? explained. In the case of driving schools, processing of personal data takes place in any case, regardless of size. Therefore, the requirements of the GDPR must be complied with.
With easyGDPR, we have developed the right tool to enable driving schools to implement the DSGVO with little effort. A dedicated template specifically for driving schools ensures quick implementation and prevents important steps from being forgotten.
The following are things for driving schools to consider:
Risk analysis
Before the actual implementation can begin, you must first perform a risk analysis. This involves recording which personal data is processed in your company and what risk the data subjects are exposed to. Their technical and organizational protection measures are also under scrutiny.
Technical and organizational measures
If their current measures are not sufficient to ensure data protection in their driving school, further steps are necessary. For example, the encryption of customer data is a technical measure to prevent unauthorized access to personal data. The installation of an alarm system, for example, should be considered as an organizational measure, as this also makes it more difficult to steal customer data.
Documentation
Documentation is one of the most essential points of the General Data Protection Regulation and should not be taken lightly. You must record all processes in which personal data is collected. For each of these operations, it is necessary to state:
- What personal data is processed?
- Why are these recorded?
- What legal basis justifies the processing?
- How long will the personal data be stored?
Writing this documentation with Word or Excel is not only extremely time-consuming, but there is also a risk that business processes will be forgotten. In addition, the maintenance of a document of this size is difficult. The solution is called easyGDPR – with this online tool you can generate the documentation by generator. It has its own template for driving schools, which means that the typical processing steps are already covered and you only need to adjust or add minor details.
Processor
If you pass on personal data to a company, the GDPR refers to so-called data processors. The transfer of this data is only permitted if it is necessary for the fulfillment of the service. In any case, the data transfer must be regulated by contract.
Advertising
Once the training contract is concluded (the training ends), further data processing requires the consent of the learner driver. If, for example, you wish to remind the driver of the completion of the perfection drive or the completion of the driving safety training, this is only permissible if you have received the consent for this in advance. You can create a corresponding form with easyGDPR.
Stakeholder inquiries
The GDPR gives every private individual the right to know what happens to his/her personal data. Thus, former driving students can also contact you to inquire which data you have stored, how this data is or was processed and when this data will be deleted. You must respond to these requests and delete the data unless there is a legal obligation to store the data(right to be forgotten).
easyGDPR – the optimal solution for driving schools
With easyGDPR, you get the optimal solution for the implementation of the DSGVO. A dedicated template specifically for driving schools allows you to quickly create their documentation including processing directory, risk analysis and data processors without any prior knowledge. Thanks to generator creation, the documentation is also easily expandable and customizable.