GDPR and International Data Transfer In 2023

For the automotive industry, data transfers are becoming increasingly relevant due to the large-scale data collection using sensors, to test ADAS and ADS functions. However, due to the rules outlined by the GDPR, concerns regarding data privacy, particularly the personal information of people and companies within the EU have emerged. Companies that choose to transfer data outside of the EU must follow certain guidelines to ensure compliance with the GDPR requirements. 

GDPR and Data Transfer 

According to Article 44 of the GDPR, data transfer refers to ‘the transfer of personal data which are undergoing processing or are intended for processing after transfer to a third party or international organization.’ For the automotive industry, it is important to stay vigilant regarding GDPR restrictions to international data transfer, which can be essential to companies’ business practices. This refers to personal data being accessible to organizations outside of the EU, including being stored on servers.  

Currently, the EU Commission recognizes Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Republic of Korea, and Switzerland under the GDPR as well as LED and Uruguay as having adequate levels of protection. To be able to share their data between an EU-based organization to a territory where the EU Commission has not recognized it an adequate level of data protection, organizations can apply the methods outlined by Article 40 of the GDPR regulation, regarding the code of conduct of organizations, that ensure the protection of personal data during transfers. One of those methods includes the anonymization of personal information that is present in visual data, including blurring faces and license plates, which is discussed in detail in our blog.  

Additionally, organizations can utilize standard contractual clauses and binding corporate rules to facilitate international data transfer. More on SCCs and BRCs here. 

Real-world Scenarios

Data transger from EU-based OEMs

If an organization were to be partnered with an automotive supplier outside of the European Union, and if that country is designated as not having an adequate level of data protection by the EU Commission, then data transfer is subject to the GDPR.

Exporting collected data in EU to OEMs outside of the EU is not permitted.

If an OEM that is registered outside of the EU wants to perform large-scale data collection in the EU, there will be personal data such as faces and license plates, which are both safeguarded under the GDPR regulation. In this instance, the company will need to follow the GDPR rules before the data transfer occurs to be compliant.

Data transfer can be GDPR compliant 

Once the personal data has been anonymized and the proper legal requirements and processes are followed, companies can perform secure data transfer. By utilizing NavInfo Europe’s full-scale GDPR Compliance pipeline, companies can rest assured that their data is compliant and shipped securely either physically or on the cloud. Our highly skilled team can manage physical shipments of hard disks as well as the digital transfer of large-scale data via various cloud services. With NavInfo Europe’s rich experience, we can support customers in collecting data for mapping, autonomous driving, and ADAS testing and validation. Through our tailor-made secure data pipeline, we have successfully facilitated our clients being able to handle large-scale data volume collected by vehicles in multiple countries and cities. 

*Pre-processing includes anonymization of videos and or images, data labelling, format conversion, compression and encryption.

AI-powered GDPR Compliant Data Handling Solution  

To facilitate GDPR-compliant data transfers, NavInfo Europe offers a holistic GDPR compliance solution that includes a highly accurate AI-powered anonymization pipeline that can automatically detect and blur personal information from raw visual data. Additionally, the solution offers data management and pre-check-up, setting up of the anonymization pipeline, data validation, and finalization as well as data delivery to customer endpoints. Our solution supports all types of visual data from various types and positions of cameras, and in various weather conditions and territories.  

Take the first step towards GDPR-compliant data handling with NavInfo Europe.  

Sign up for our newsletter and get the latest insights!

Anonymize your own images

Talk to our Cybersecurity experts today!

Get in touch with our experts to learn more about our Automotive Cybersecurity solution.