Fleet News

Jaama urges users to check data ahead of GDPR launch

Licence checking stock image

Users of Jaama’s Key2 vehicle and driver management system have been urged to undertake a data mapping exercise ahead of the introduction of the General Data Protection Regulation (GDPR).

Jaama has called GDPR, which comes into effect on May 25, “the most important change in data privacy regulations in 20 years”.

Under GDPR, employers must ensure that employees’ personal data - as well as that relating to clients and prospects - is processed lawfully, transparently, is secure, and is only held for a “legitimate business interest”.

That, for example, could include recording driver licence-related information, the capture and processing of mileage for travel management and business expense claims, accident-related information, fuel data capture and the use of driver behaviour data from in-vehicle telematics.

Martin Evans, managing director of Jaama, said: “Key2 users must reacquaint themselves with the role that data plays within their organisation, and how data belonging to individuals flows around both internally and externally. Employers should only collect data that is required for specified, explicit and legitimate purposes.

“They should familiarise themselves with the current data held and processes and establish if any non-essential data is held. It is important to undertake a data mapping exercise to establish where data is.

“Key2 users must be transparent about how they collect data, what they do with it, and how they process it and be clear in their explanation to employees.”

However, under GDPR once data is no longer required it should be deleted. As a result, Key2 users - as part of the latest system enhancement - now have the ability to ‘obfuscate data’ from the system - information is scrambled to prevent unauthorised access.

Evans said: “Drivers have the right to obtain from Key2 users the erasure of any personal data. This can either occur when the storage of personal data is no longer necessary in relation to the purpose for which it was originally collected, or if the subject withdraws consent to store personal data.”

He continued: “Data can be obfuscated in Key2 in several ways including through rule builder and criteria selection. All mandatory fields that contain personal data - any information relating to an individual that can be used to directly or indirectly identify them - can be selected for obfuscation.”

GDPR builds on existing data protection legislation with a particular focus on digitalisation and technology. Core to the 1998 Data Protection Act are eight data protection “principles” and GDPR reforms those and introduces new “principles” of transparency and accountability with the ability to “prove consent” a significant pillar of the new regulations.

Penalties for breaching the core “principles” of GDPR are potentially huge with a maximum fine for companies of €20 million or 4% of total worldwide annual turnover of the preceding financial year, whichever is the higher. What’s more the reputational damage of businesses misusing or losing data could be significant.

Click here for fleet management software best practice and procurement insight

Leave a comment for your chance to win £20 of John Lewis vouchers.

Every issue of Fleet News the editor picks his favourite comment from the past two weeks – get involved for your chance to appear in print and win!

Login to comment


No comments have been made yet.

Related content

Compare costs of your company cars

Looking to acquire new vehicles? Check how much they'll cost to run with our Car Running Cost calculator.

What is your BIK car tax liability?

The Fleet News car tax calculator lets you work out tax costs for both employer and employee