On May 25, 2018, the general data protection regulations (GDPR)—Europe’s new data, privacy, and user consent regulations—take effect. Since we know that, autonomous vehicles are set to have a global impact on our relationship with mobility. At the same time, you will be generating a lot of personal data whilst driving,
such as the road conditions,
how many passengers are with you,
travel history and much more.
All that information by itself increases the mobility of people and gives them more relevant and useful information.
It is an exciting time and Playment is extremely proud to be part of that process. We’ve compiled the seven essential steps you need to take to help ensure you are ready for the May 25 deadline.
1. Are you a Data Controller (or) Data Processor?
Identify your role. When thinking about complying with the GDPR, you need to identify who the data controller is and who the data processor is with regard to any user’s personal data. Essentially, a “data controller” determines the purpose and means by which personal data is processed. The data controller is ultimately responsible for a user’s data protection. In many cases, a data controller may engage with a data processor, which is the company they provide instructions on how to process personal data.
It’s possible that an organization may be a data controller in some contexts and a data processor in other contexts. The GDPR requires that companies must identify which role they fall into with regard to the personal data they collect or process, as well as in their relationship with other companies that they might receive or share personal data with. Each role has very specific responsibilities attached to it, with the data controller ultimately responsible for the data protection of individuals.
2. Determine a legal basis for processing data
Identify the method and lawful basis for consent. And, once you have chosen a lawful basis for why you will be processing data for a specific purpose, document it in a way that so that it could be made available to regulators if needed.
3. Respond to Individual rights requests
Under the GDPR, an individual has the right to access, review, correct, and delete any of the personal data collected and processed by a data controller. Subjects also have the right to revoke the consent they may have already given you to collect or process their data. As a result, you should have procedures in place to respond to and comply with these requests. Your business needs to be equipped to respond quickly and appropriately if you receive such a request.
4. You might need a Data Protection Officer
Not all companies require a Data Protection Offer(DPOs), but some are obligated to appoint one under the new regulation. Organizations that carry out data processing for a public authority or that carry out activities that include regular and systematic processing or process large-scale sensitive data should appoint a data protection officer (DPO).
5. Make sure your data is secure
You have probably seen information published about data privacy when it comes to the GDPR. Thus far, the emphasis has been on data governance and compliance with privacy-related requirements of the law. But it’s important to remember that the GDPR is as much about taking measures to keep that data secure as it is about privacy. Make sure you control who has access to data, both inside and outside of your company. It’s also wise to test your systems so you know that the security processes you have in place are effective and cannot be bypassed by hackers, cybercriminals, or other parties who might want to illegally gain access to information.
6. Demonstrate “privacy by design”
Building “privacy by design” means ensuring only that personal data which is required is collected, and also incorporate privacy features and functionality into products and services from inception of an idea or project.
7. Understand the purpose of the GDPR
While many companies have to make significant changes to the way personal data is gathered and processed once GDPR comes into effect, it’s important to remember why the regulation was formed in the first place. The GDPR is first and foremost intended to promote accountability and transparency for those companies that collect and process personal data while protecting the information and rights of individuals. When building your compliance program, starting with these principles is a good way to be sure your strategic decisions support your business’s GDPR compliance.
The importance of GDPR is to inform the user why you want it, promising them you delete the information if they ask for it, or if you provide all the information you store about them in less than 72 hours. In the wake of data breaches at some of the world’s largest auto brands, the importance of data privacy and security has risen to become a key consideration for users, businesses, and even countries.
For more information on GDPR, kindly visit GDPR Official website.