Jaama is urging Key2 users to undertake a data mapping exercise ahead of this month’s introduction of the General Data Protection Regulation (GDPR).

Jaama’s Martin Evans is urging Key2 users to undertake a data mapping exercise ahead of GDPR

The new regulation comes into effect on 25 May and means that employers must ensure that employees’ personal data – as well as that relating to clients and prospects – is processed lawfully, transparently, is secure, and is only held for a “legitimate business interest”.

For fleets, this can include recording driver licence-related information, the capture and processing of mileage for travel management and business expense claims, accident-related information, fuel data capture and the use of driver behaviour data from in-vehicle telematics.

In response, Martin Evans, managing director of Jaama, said it’s important for Key2 users to undertake a data mapping exercise to establish where data is.

“Key2 users must reacquaint themselves with the role that data plays within their organisation, and how data belonging to individuals flows around both internally and externally. Employers should only collect data that is required for specified, explicit and legitimate purposes,” he commented.

“They should familiarise themselves with the current data held and processes and establish if any non-essential data is held.”

In addition, the GDPR legislation also means that once data is no longer required it should be deleted. As a result, the latest Key2 system enhancement provides users with the ability to ‘obfuscate data’ from the system – information is scrambled to prevent unauthorised access.

Penalties for breaching the core “principles” of GDPR are potentially huge with a maximum fine for companies of €20m or 4% of total worldwide annual turnover of the preceding financial year, whichever is the higher.

Evans added: “Key2 users must be transparent about how they collect data, what they do with it, and how they process it and be clear in their explanation to employees.”