Guidance

Driver Certificate of Professional Competence (CPC) and Taxi Driver Periodic Training (TDPT): privacy notice

Updated 4 September 2025

1. About this service or activity

The Driver and Vehicle Standards Agency (DVSA) is an executive agency of the Department for Transport (DfT). DVSA administers the Driver Certificate of Professional Competence (CPC) and taxi driver periodic training (TDPT) schemes.

To manage the approvals and audits for these schemes DVSA provides associated guidance and support to the training providers. DVSA also provide a ‘find your nearest’ service on our training accreditation website so the public can find relevant training.

The data controller for DVSA is DfT - a data controller determines the reasons and how personal data is processed. For more information, see the Information Commissioner’s Office (ICO) Data Protection Public Register. DfT’s registration number is Z7122992.

We operate the TDPT scheme on behalf of the Driver and Vehicle Agency (DVA) in Northern Ireland. For this scheme, DVA are the data controller, and DVSA are the data processor.

By indicating the approved course should be considered for Earned Recognition acknowledged courses on DCPC application form, the course summary and training provider details will be shared with the Earned Recognition team.

2. Data we need for training providers

The personal data we collect from the responsible person and primary contact for approved training providers is:

• name
• address
• email address
• phone number

The personal data we collect from trainers will include:

• trainer’s names
• a unique identifier such as a driving licence number or date of birth
• evidence of their training skills, subject knowledge and experience – for example qualifications or certificates to deliver training, rehabilitation or examinations

The personal data we collect about training will include:

• dates and times of courses
• trainer names
• client names
• locations of courses

The lawful basis for processing is public task under:

• 2007 No. 605 Road Traffic - The Vehicle Drivers (Certificates of Professional Competence) Regulations 2007
• The Taxi Drivers’ Licenses Regulations (Northern Ireland) 2014

3. Data we need for getting a Driver CPC course approved for Earned Recognition

The personal data we will collect from training providers is the organisation name.

The lawful basis for processing data for getting a course approved for Earned Recognition is public task.

4. Data we need for the find your nearest service

DVSA operates “find your nearest” services for:

• find a Driver CPC training course
• find taxi driver periodic training courses

The lawful basis for processing data for the find your nearest services is consent.

If you choose to opt-in, the data that will be published for the service will include:

• business name
• telephone number
• address
• website address
• email address
• approved course details
• planned training including, date, times, sector address including postcode

To withdraw your consent for the find your nearest service email DCPC_CC@dvsa.gov.uk

Where you withdraw your consent, we aim to process your request within 5 working days.

5. Why we need the data

We need the personal data we collect from you to approve, audit and oversee your training provider and the courses you provide.

We need your data to add you to the relevant find your nearest service and remove you from this service (should you request removal from it).

We share your data with Competence Assurance Solutions (CAS) so they can carry out audits to ensure that Driver CPC periodic training is being carried out properly.

6. What we do with it

We collect, use and store the data you give us for the reasons set out in this policy. We will not:

• sell or rent your data to third parties
• share your data with third parties for marketing purposes

We will share your data if required to do so by law - for example, by court order, or to prevent fraud or other crime.

We operate the TDPT scheme on behalf of the Driver and Vehicle Agency (DVA) in Northern Ireland. This includes receiving and reviewing course applications for TDPT and making recommendations to DVA for approval and refusal. Additionally, DVSA audit these courses on behalf of DVA. If you’re a taxi driver periodic training provider, your data will be accessible to DVA.

7. How long we keep your data

We’ll only keep your personal data for as long as it is needed for the reasons set out in this policy or as long as is required by law.

We will hold your personal data for 4 years after your centre approval expired.

8. Where it might go

Our IT infrastructure and technology has been checked to make sure it’s safe and secure.

All your data is held on DVSA servers based in the UK.

9. Protecting your data and your rights

The DVSA personal information charter sets out what steps are taken to protect your data, and the rights you have over your data.

10. Automated decision making and profiling

Your data is not subject to automated decision making or profiling as defined in data protection legislation.

11. Changes to this notice

We may change this privacy notice at our discretion at any time.

When we change this notice, the date on the page will be updated. Any changes to this privacy notice will be applied to you and your data as of the revision date.

We encourage you to periodically review this privacy notice to be informed about how your data is protected.

12. How to contact us

If you have any questions about anything in this document or if you consider that your personal data has been misused or mishandled, you can contact the DVSA data protection manager

DVSA data protection manager

Data Protection Manager
DVSA
1 Unity Square
Nottingham
NG2 1AY

Contact DVSA customer services if you have a query that is not about how your personal data is used.

You may also make a complaint to the Information Commissioner, who is an independent regulator.