That’s the warning from Marcus Puddy (pictured), managing director of fleet consultancy Puddy Vehicle Solutions (PVS), who is also working with fleets on policies to deal with the deletion of data from in-car connected systems with next May’s introduction of the General Data Protection Regulation (GDPR).
The OBD-II port was originally intended as an access point for mechanics to gain vehicle diagnostic data, he explains, but has since become the plug-in point for aftermarket devices, notably ‘track and trace’ telematics systems.
Now, he adds, many vehicle manufacturers are looking to make the port obsolete amid growing concerns about the management of so-called ‘big data’, notably with the implementation of GDPR.
Puddy says: “The industry was first alerted to the risks and security of the OBD-II port being used by telematics devices, when hackers gained control of a Jeep by using a plug-in dongle with mobile connectivity.
“Since then at least one new car has been launched with no OBD-II port and we know German motor manufacturers, as well as other major carmakers, are collectively discussing restricting access to this data stream while a vehicle is in motion.” OBD-II port access for ‘plug and play’ aftermarket technology, therefore, could become obsolete on new models, as early as next year.
“While that will not impact on contracts relating to ‘track and trace’ systems fitted to existing fleet vehicles, fleet and procurement managers who sign such deals expecting the technology to also be added to new company cars and vans in the future, may find they are paying for something that cannot be used. Managers need to think carefully before signing long-term ‘plug and play’ technology contracts.”
Ahead of the introduction of GDPR, Puddy is advising fleet and data managers to remind company car and vans drivers of the importance of either manually deleting personal data from vehicles or using the ‘factory reset’ button.
He said: “Connectivity is on the radar of fleet managers, but, in my experience, not the importance of data management and deletion, notably in relation to GDPR where information is stored in a vehicle particularly from satellite navigation devices, multi-media systems and smartphones.
“Managers must have in place processes where they can be assured that either drivers are deleting data ahead of vehicle defleet or their leasing, rental and remarketing company partners have robust policies and procedures in place to efficiently and effectively manage the deletion on the return of the vehicle.”