Table of Contents
Most business owners already know the need to carry out data processing in line with the General Data Protection Regulation (GDPR). The Information Commissioner’s Office (ICO) draws significant headlines for fining UK organisations up to £17.5m for GDPR violations. However, some companies have not realised the breadth of the information affected by GDPR rules. This article will help you understand what personal data your business can and cannot process concerning vehicles and car parks.
What is the General Data Protection Regulation?
The GDPR contains the primary data protection rules for UK organisations. Whilst the GDPR is a complex piece of legislation, it primarily seeks to encourage UK businesses to:
- only collect information when truly necessary and for a legitimate purpose;
- store personal data safely and securely;
- protect personal information from unauthorised access and cyber-attacks;
- avoid exposing individuals to unreasonable monitoring methods;
- only use personal data in line with the purpose or content upon its collection; and
- safely delete personal information when of no further use or purpose.
What is the Information Commissioner’s Office?
The UK Government launched the ICO for two primary purposes. The first was to assist UK organisations with data protection compliance (mainly through the helpful online guides on their website). The second reason was for the ICO to act as a referee and hand out financial penalties to UK businesses that ignored or committed significant breaches of the GDPR.
Notably, the ICO’s remit includes personal information relating to vehicles because you can use this information to identify an individual. After all, the identification of potential drivers is one of the reasons behind vehicle registration numbers.
Continue reading this article below the formCall 0808 196 8584 for urgent assistance.
Otherwise, complete this form and we will contact you within one business day.
Information You Can Collect Regarding Vehicles
The two most common legal purposes for collecting vehicle information are to enforce parking restrictions and assist with site security.
Most supermarkets will offer free public parking if the vehicle owners are supermarket customers and leave within a certain period. Naturally, all companies wish to avoid suspicious vehicles staying on-site without apparent purpose.
The GDPR and ICO accept that these goals and objectives are reasonable, so they allow the appropriate collection of the following forms of personal data:
- vehicle registration numbers;
- details of vehicle manufacturers and model names;
- arrival time; and
- exit time.
Your business may collect this data manually (through a parking warden) or electronically (through an automatic number plate recognition system (ANPR). However, to do so, your company should place large warning signs around the car park warning of your data collection methods and parking rules.
Vehicle Information You Should Not Collect
Whilst your company has a degree of flexibility regarding the information it can collect, you must ensure your monitoring system is not overly intrusive.
So, for example, unless there is a high degree of security risk at your premises, a facial recognition system identifying the drivers of each vehicle is unlikely to comply with GDPR rules. This is because collecting sensitive data, such as biometric data or facial identification, is disproportionate to enforcing car park rules.
Another example would be noting the number and ages of passengers per vehicle in a spreadsheet. Again, there is no legal need for your business to record this information. If the car contains visitors, you can collect this information at the entrance of your premises instead.
Overall, our data protection laws allow you to collect relevant personal vehicle information and restrict you from collecting irrelevant data relating to passengers.
Key Takeaways
Overall, the GDPR does not prevent your business from capturing personal data about visiting vehicles but only permits you to collect relevant information. In this way, the ICO will not impose a hefty financial penalty for vehicle information that reasonably helps your company keep your premises secure and enforce car park rules. So naturally, many business owners obtain legal assistance with the wording of car parking signage and the safe collection of vehicle information.
If you need help with the safe collection of vehicle data, our experienced Data, Privacy and IT lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 0808 196 8584 or visit our membership page.
Frequently Asked Questions
The ICO believes that information about vehicle movements, such as geolocation data and arrival and exit times, can constitute sensitive information. This is because you could use it to track individuals (data subjects) without their express consent.
The UK Government recognised that the best way of ensuring UK business compliance with data protection rules was to impose sizeable financial penalties. To date, this approach has been quite successful.
We appreciate your feedback – your submission has been successfully received.