Key2 users urged to undertake data mapping exercise for GDPR

Users of Jaama’s multi award-winning Key2 vehicle and driver management system have been urged to undertake a data mapping exercise ahead of next month’s introduction of the General Data Protection Regulation (GDPR).

The regulation comes into effect on May 25 and organisations in non-compliance may face heavy fines of up to €20m or 4% of annual worldwide turnover – whichever is higher.

Under GDPR, employers must ensure that employees’ personal data - as well as that relating to clients and prospects - is processed lawfully, transparently, is secure, and is held for a “legitimate business interest”.

For example, that could include:
• Recording driver licence-related information;
• The capture and processing of mileage for travel management and business expense claims;
• Accident-related information;
• Fuel data capture;
• And the use of driver behaviour data from in-vehicle telematics.

Martin Evans, managing director of Jaama, said: “Key2 users must reacquaint themselves with the role that data plays within their organisation, and how data belonging to individuals flows around both internally and externally.

“They should familiarise themselves with the current data held and processes and establish if any non-essential data is held. It is important to undertake a data mapping exercise to establish where data is.

However, under GDPR once data is no longer required it should be deleted. As a result, Key2 users - as part of the latest system enhancement - have the ability to ‘obfuscate data’ from the system.

Mr Evans said: “Drivers have the right to obtain from Key2 users the erasure of any personal data. This can either occur when the storage of personal data is no longer necessary in relation to the purpose for which it was originally collected, or if the subject withdraws consent to store personal data.”

He continued: “Data can be obfuscated in Key2 in several ways including through rule builder and criteria selection. All mandatory fields that contain personal data - any information relating to an individual that can be used to directly or indirectly identify them - can be selected for obfuscation.”