Skip to content


GDPR project provided greater view to data privacy

By Jennifer Brown

Category: Risk Management
Department size: Small
Company: Geotab

When you think about the amount of data Geotab collects on a given day, it can be a little daunting to think about where it is stored and what would happen if a customer’s information was accessed by someone other than those for whom it was intended.

Oakville, Ont.-based Geotab is a telematics company and, essentially, it connects vehicles to the internet. Its business involves the monitoring of vehicles, typically for fleets, through the use of a device that plugs into a vehicle and tracks GPS position, speed and other information that can be derived from the engine. Geotab has more than 1.2 million connected vehicles right now and it collects more than two billion data points each day from those vehicles. That data is used in its data science operations to provide insights to fleet customers and to others that can only be derived from analysis of data on such a large scale.

Last year, the legal department at Geotab set about to answer the demands of the General Data Protection Regulation. The GDPR is a set of rules created to give citizens of the European Union more control over their personal data. Even though the company has a small footprint in Europe, it was a critical initiative for Geotab.

“The legal department at Geotab is very much integrated into the business,” says Laurence Prystawski, general counsel at Geotab. “We don’t have offices — we sit in an open-concept environment with our partners in the business, so I think we had a head start from the way the company and the legal department is structured because the GDPR effort involved pulling in stakeholders from all the various business functions both in Canada and in Europe to assess what data we have, where it goes, how we handle it and how we process it and how much of it is personal data.”

Much of the data Geotab manages involves technical data from vehicles. Prystawski says the initial impression was there wasn’t that much personal data they needed to worry about, but as they dug deeper they realized it all had to be treated as personal data to set the bar high enough to ensure what personal data Geotab does handle is handled correctly.

The project was led by Jonathan Strong,  who worked with Geotab business colleagues and external counsel at Baker McKenzie in Toronto and Palo Alto, Calif. to manage the initiative.

“Our office is based on Google tools, which are fantastic for collaboration. A lot of what we did across business units and across geographies was made simple by the use of Google docs. I think that made the project that much easier — to collaborate electronically and act on feedback without having to find a common time to get on the phone,” says Prystawski.

“I think since doing this project we have strengthened our security and operations department and I think the company is more privacy aware. One of the really great side effects was it raised the awareness of privacy both at home and globally. It has definitely been a business advantage and differentiator for our teams in Europe. We deal with a reseller network in Europe and we have received positive feedback from them on our GDPR package and readiness and it made us look that much more professional-ready and on the ball for business in Europe,” he says.

Baker McKenzie nominated Geotab for the Innovatio award.

“Geotab legal’s approach has been innovative because it has shown a particularly proactive and organized approach to getting ahead of the legal issues raised by the GDPR,” said Lothar Determann, partner at Baker McKenzie in Palo Alto. “The GDPR is one of the strictest privacy laws in the world and requires organizations to design and structure their operations in a manner that protects the privacy of individuals, and to carefully document the measures that it implements to secure individuals’ personal information.”