Non-compliance poses a great operational risk for many businesses, as infringements are punishable by fines of up to €20m or 4% of the company’s total worldwide annual turnover, whichever is higher.
Sofico, which manages more than 1.5m vehicle contracts globally via Miles, its software solution, has been explaining the new requirements to leasing companies, both captive and non-captive, along with other fleet clients to ensure they can be fully compliant by the time the new rules become law.
The data protection reform is intended to be a key enabler for a Digital Single Market (DSM), a priority of the European Commission, and to allow EU citizens and businesses to fully benefit from the new digital economy.
The new rules aim to ensure that a number of principles are upheld regarding the lawful processing of personal data, such as transparency about which data is being stored and why, and limitations on what is stored and for how long.
At the same time, the new rules aim to better safeguard a number of rights for individuals, such as the right ‘to be forgotten’, while companies that process personal data must demonstrate they are compliant with legislation, both to regulators and stakeholders.
The new regulation raises the bar for compliance significantly, requiring greater openness and transparency. It also imposes tighter limits on the use of personal data and gives individuals more powerful rights to enforce against organisations.
Satisfying these requirements could prove to be a serious challenge for many organisations, Sofico believes.
Sofico is reviewing the impact of the new requirements with its clients with a view to enhancing its mainstream Miles software platform where required and ensuring that all Sofico customers have the means to be compliant by the time the new rules become law.
Gémar Hompes, Managing Director of Sofico, which is now present at 31 different sites in 20 countries around the world, said: “Bearing in mind the length of software release cycles from providers like ourselves, plus the update schedule of many internal IT departments, there's not actually a lot of time for leasing companies and captive finance providers to assure compliance before the deadline of next May.
“While some of the actions that need to be taken are strictly the responsibility of leasing companies, software suppliers will also need to make changes to any software used to gather or process personal data, to enable their customers to comply with the new regulations.
“Our customers are working with us to proactively review the impact that the new regulations will have on their set-up for Miles. And we already have a number of positive actions defined on our development roadmap which will be released as part of our regular product updates.
“This will allow our customers to comply with the new regulation by the time it takes effect next year,” he said.
Sofico has a project team working on all issues relating to the GDPR and ensuring that its product and data processing activities allow clients to be compliant with the new regulation.
Issues currently being reviewed include data security, documentation of procedures, and contractual aspects required to satisfy the requirements imposed by the GDPR.
“Our objective is to ensure that all our customers are fully prepared for the implementation of the GDPR and are fully conversant with all the requirements of the new regulation by the deadline of May next year,” added Gémar Hompes.