General Data Protection Regulation (GDPR) - Regulation (EU) 2016/679

https://eur-lex.europa.eu/eli/reg/2016/679/oj/eng

Dashcam/video telematics in a commercial fleet typically processes personal data (e.g., faces, licence plates, location/time, and driver behaviour). GDPR therefore applies to the collection, storage, access, disclosure, and retention of the footage.

EU Regulations

Art. 5 – Principles (lawfulness, fairness, transparency, data minimisation, storage limitation, integrity/confidentiality, accountability)

SafeFleetView Compliance

Clear purposes (safety, incident investigation, claims support); data minimisation (event-based clips, limited event set); strict retention; access control and audit logs; documented policies for accountability.

SafeFleetView dashcam can support essential video monitoring for road and in-cabin events.

With minimisation of the data by configuration, allow to set limited data retention, and strict access to configuration and data with user management.

Art. 6 – Lawfulness (legal bases; most fleet safety use-cases rely on legitimate interests)

We rely on documented lawful basis, typically legitimate interests (Art. 6(1)(f)) for safety and incident handling, and perform a Legitimate Interest Assessment (LIA) to confirm necessity and balance against individuals’ rights, with safeguards (minimization, short retention, restricted access).

SafeFleetView provides the equipment for event monitoring. We need to confirm with the customer regarding incident handling.

Arts. 13–14 – Information duties (transparency notices to drivers and, in practice, layered notice for third parties)

We provide clear, layered transparency: driver notice (what data is collected, why, legal basis, retention, access, rights) and, where appropriate, a vehicle sticker/QR link to a public privacy notice for third parties

SafeFleetView provides the equipment for event monitoring and will not actively collect any data. The customer should confirm what kind of information is stored or collected (e.g. video evidence), and confirm with the driver and third parties.

Art. 25 – Data protection by design and by default

The default configuration is privacy-minimized:

• event-based capture/retention,

• limited categories of events,

• least-privilege roles,

• controlled exports,

• retention settings are set to the shortest operationally justified period.

Optional features (e.g., broader recording/long retention) are disabled unless explicitly justified and approved.

SafeFleetView dashcam supports the mentioned configuration, provided that it's correctly configured.

Art. 28 – Processor contracts and obligations

We establish a GDPR-compliant Data Processing Agreement (DPA) covering instructions, confidentiality, security, sub-processors, assistance with rights/DPIA, breach notification, and deletion/return at end of service.

Art. 32 – Security of processing (RBAC, logging, encryption, etc.)

We implement appropriate technical and organisational measures: role-based access control

All the data that store in the dashcam are encryted, and only the authorized user may have access.

Art. 35 – DPIA (often required for systematic video monitoring / high-risk processing)

We conduct a DPIA for the project, where processing is likely high-risk (systematic video processing, employee context, public-space capture). The DPIA documents purposes, necessity, risks, mitigations (event-based retention, minimisation, access controls), and acceptance criteria.

Need the customer to confirm regarding DPIA and how to process likely high-risk information.

Arts. 15–22 – Data subject rights (access, erasure, objection, restriction, etc.)

We define a practical DSAR process: receiving and verifying requests, locating relevant clips, applying redaction/blur where needed to protect third parties, responding within GDPR timelines, and handling objections/restrictions with documented decisions, while preserving incident evidence where legally necessary.

SafeFleetView dashcam can support applying blur to the video if needed.

EU Charter of Fundamental Rights (Articles 7 and 8)

EU privacy and data protection are fundamental rights under the Charter of Fundamental Rights of the EU

https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX%3A12016P%2FTXT&utm

EU Regulations

Article 7 (Respect for private and family life)

Article 8 (Protection of personal data)

SafeFleetView Compliance

We minimise intrusion and ensure fair, proportionate use by limiting video to safety/incident/claims purposes, using event-based clips (short loop buffer, no unnecessary continuous storage), applying short retention with strict RBAC/audit logs and controlled exports, providing clear driver and public notices, and supporting GDPR rights with redaction where needed.

SafeFleetView dashcam can support event-based recording with configurable retention, allow only authorized users to access configuration.

CJEU case law - Ryneš (C-212/13)

The Court of Justice (Ryneš, C-212/13) confirms that recording which captures public space is generally not covered by the “purely personal/household activity” exemption. This supports the view that dashcam processing is subject to EU data protection rules where it captures public areas (relevant by analogy and frequently cited in video surveillance contexts)

https://www.dpcuria.eu/case?reference=C-212%2F13&utm

EU Regulations

This supports the view that dashcam processing is subject to EU data protection rules where it captures public areas (relevant by analogy and frequently cited in video surveillance contexts)

SafeFleetView Compliance

We follow video-specific GDPR controls: clear safety/incident purposes, event-based capture and short retention, layered transparency (driver + public notice), strict role-based access and audit logs, and controlled disclosure/export

SafeFleetView provides the equipment for event monitoring, which supports event-based/limited retention and strict access/export controls by user management.

Need the customer to confirm the documented lawful basis and notify the driver.

EDPB guidance (authoritative GDPR interpretation)

https://www.edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-32019-processing-personal-data-through-video_en?utm

EU Regulations

EDPB Guidelines 3/2019 – Video devices

https://www.edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-32019-processing-personal-data-through-video_en?utm

SafeFleetView Compliance

We follow video-specific GDPR controls: clear safety/incident purposes, event-based capture and short retention, layered transparency (driver + public notice), strict role-based access and audit logs, and controlled disclosure/export

SafeFleetView provide the equipment for event monitoring, which support event-based / limited retention and strict access/export controls by user management. Need customer to confirm documented lawful basis and notify driver.

EDPB Guidelines 1/2024 – Legitimate interests (Art. 6(1)(f))

https://www.edpb.europa.eu/our-work-tools/documents/public-consultations/2024/guidelines-12024-processing-personal-data-based_en?utm

We document the three-part test (purpose, necessity, balancing) via an LIA, and apply safeguards minimisation, limited retention, restricted access, and clear notices—to ensure individuals’ rights are not overridden.

SafeFleetView provides the equipment for event monitoring, which support event-based/limited retention and strict access/export controls by user management. Need customer to confirm regarding the three-part test.

EDPB Guidelines 07/2020 – Controller/Processor roles

Guidelines 07/2020 on the concepts of controller and processor in the GDPR | European Data Protection Board

We define roles upfront (Customer as Controller; vendor as Processor where applicable),

SafeFleetView can support as a processor and provide technical support when needed, following the relevant contracts signed in advance.

SafeFleetView can support as a processor and provide technical support when needed, following the relevant contracts signed in advance.

EDPB Guidelines 4/2019 – Article 25 (privacy by design/default)

https://www.edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-42019-article-25-data-protection-design-and_en

We implement privacy-by-default settings (event-based storage, shortest retention, least-privilege roles, export controls)

SafeFleetView dashcam can support event-based recording with configurable retention, and allow only authorized users to access the configuration.

ePrivacy Directive (limited relevance, but include for completeness)

https://eur-lex.europa.eu/eli/dir/2002/58/oj/eng?utm

EU Regulations

The ePrivacy Directive 2002/58/EC applies mainly to electronic communications. It is not the primary regime for dashcams, but may become relevant depending on how communications / metadata are processed (e.g., certain telecommunication aspects).

SafeFleetView Compliance

Dashcam video is governed primarily by GDPR. ePrivacy becomes relevant only for the connectivity/communications layer (e.g., SIM, network metadata). In that case, communications data is handled under the telecom provider’s ePrivacy obligations, and we limit our use to what is strictly necessary for service operation, with clear notices and strong security.

SafeFleetView only provides the equipment for event monitoring, and communications data will only be used depending on the customer's need for remote access or evidence upload, with strict control of user management.

Need the customer to confirm regarding the data handling.