Expert Advice Community

Guest

Software for creating the routes for the school buses

  Quote
Guest
Guest user Created:   Nov 04, 2020 Last commented:   Nov 06, 2020

Software for creating the routes for the school buses

We would like to create a software for the automated creation of routes for the school buses. We would use Google Maps api to create the individual routes to pass on addresses of the students (without names) to these api. What should we pay attention to?
0 0

Assign topic to the user

Assign

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Alessandra Nisticò Nov 06, 2020

You should pay attention to Google Maps API privacy notice, you should inform your user (school bus drivers) about geo-localization data and, of course, keep security measures about student’s address which are data (they may be considered as sensitive data under Article 9 GDPR in case they refer to minors). Pseudonymization or anonymization technique could help to increase security.

You should consider privacy from the earlier stage of designing the software following the principle of privacy by design as stated in Article 25 GDPR. ENISA the European Agency for Cybersecurity developed a recommendation on shaping technology according to GDPR provisions: https://www.enisa.europa.eu/publications/recommendations-on-shaping-technology-according-to-gdpr-provisions-part-2

I would recommend doing a Data Protection Impact Assessment (DPIA) under Article 35 GDPR in order to verify how the software will impact personal data and whether there is any risk for the freedom and rights of individuals involved arising from the processing of their data (bus drivers and students).

The Article 29 Working Party is a group of experts issued by the EU Commission in order to help controllers to comply with GDPR in the early stage. Now its functions have been transferred to the European Data Protection Board (EDPB). The Article 29 Working Party developed in 2018 Guidelines on Data Protection Impact Assessment (DPIA) https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=611236

Here you can find more information

You can also consider enrolling in this free online training EU GDPR Foundations Course: https://training.advisera.com/se/eu-gdpr-foundations-course//

Quote
0 1
Guest
Denis Nov 06, 2020

Hello Alessandra, thank yoy very mutch for your reply! Could you please explaine how can we apply pseudonymization or anonymization to adresses without names? Thank in advance, kind regards, Denis

Quote
0 0
Guest
Denis Nov 06, 2020

Hello Alessandra, thank yoy very mutch for your reply! Could you please explaine how can we apply pseudonymization or anonymization to adresses without names? Thank in advance, kind regards, Denis

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Nov 04, 2020

Nov 06, 2020

Suggested Topics