The EU GDPR is well known as one of the most comprehensive measures for enforcing individuals’ data privacy. Although it has been in effect for almost four years, data from Finbold and from enforcement trackers show that fines skyrocketed in 2021 as EU authorities cracked down on data privacy abuse and GDPR noncompliance. The GDPR is not the only regulation that enforces data privacy: the CCPA in California, the CSL in China, and the APPI in Japan indicate a major global shift towards enforcing how organizations handle the data they collect or process. This trend signals that many organizations in the EU need to refresh their understanding of the GDPR and its requirements, and rethink their data privacy protection protocols for 2022.
figure 1: CCTV footage blurring
GDPR Requirements: What do you need to know?
The GDPR is a legal framework that requires businesses to protect the data privacy of citizens in the EU. Since May 25th, 2018, organizations that operate, or have operations, within the EU and the EEA (European Economic Area) have been required to implement organizational changes and security-by-default protocols to ensure the protection of the personal data they control.
Organizations comply with the GDPR by implementing technical and operational safeguards for the personal data they control. The requirements cover all stages of an organization’s product development, data collection, and processing, and involve four main courses of action:
Additionally, the GDPR stipulates that a Data Protection Officer (DPO) must be appointed to oversee GDPR operations and enforce compliance within the organization. An organization must appoint a DPO if it meets the following criteria:
Smaller organizations that handle large volumes of personal data may share a DPO with other small organizations. Large organizations may hire support staff to assist the DPO in their work.
Personal information: What is it and how can you protect it?
Personal data is any information relating to an identified or identifiable natural person, whether the person can be identified directly or indirectly. In particular, this covers names, location data, faces, identification numbers, and any other attribute of the physical, mental, or social identity of the natural person. Article 6 of the GDPR sets out the requirements for processing such data and specifies that personal information must be properly safeguarded before an organization may use it for its own purposes; organizations therefore need privacy-by-design protocols that adequately protect individuals’ private information, as this is now a global requirement.
figure 2: blurring street view camera footage
This can be done in three ways:
Nevertheless, each of these still presents challenges to organizations and data controllers. The first option is time-consuming and may not be efficient for large-scale data collection and monitoring. Deleting all personal information from the database, as the second option suggests, is also difficult because some of that data is necessary for the organization to achieve its goals and purposes. Anonymization offers a suitable alternative for many organizations – it ensures that no private information is stored, processed, or leaked, while still allowing the purposes of the data collection to be realized.
Anonymization can be done by blurring identifying information such as faces, bodies, and license plates. Once the data is GDPR-compliant, organizations may proceed to use it to enhance their operations.
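As an added illustration (not NavInfo Europe’s code), the region blur below works the way the post describes: detected boxes are blurred, every pixel outside them is left untouched, and a contrast check shows how much detail survives. The greyscale frame, the detection boxes and the checkerboard standing in for a license plate are all constructed here.

```python
# Added example (not NavInfo Europe's code): region-based blur for image
# anonymization of faces, bodies and license plates. The image is a list of
# rows of greyscale values 0-255; detection boxes are (x0, y0, x1, y1) with
# the upper bounds exclusive. In a real pipeline the boxes would come from a
# face/plate detector; here they are constructed by hand.
from typing import List, Sequence, Tuple

Image = List[List[int]]
Box = Tuple[int, int, int, int]


def box_blur_region(img: Image, box: Box, radius: int) -> Image:
    """Return a copy of img where only the pixels inside box are replaced by
    the mean of their (2*radius+1)^2 neighbourhood, clamped at the image edge.
    Samples come from the original image, so processing order does not
    matter and the caller's image is never modified."""
    h, w = len(img), len(img[0])
    x0, y0, x1, y1 = box
    if not (0 <= x0 < x1 <= w and 0 <= y0 < y1 <= h):
        raise ValueError(f"box {box} is outside the {w}x{h} image")
    out = [row[:] for row in img]
    for y in range(y0, y1):
        for x in range(x0, x1):
            ys = range(max(0, y - radius), min(h, y + radius + 1))
            xs = range(max(0, x - radius), min(w, x + radius + 1))
            total = sum(img[yy][xx] for yy in ys for xx in xs)
            out[y][x] = total // (len(ys) * len(xs))
    return out


def anonymize(img: Image, boxes: Sequence[Box], radius: int = 2) -> Image:
    """Blur every detected region; pixels outside all boxes stay as they are."""
    for box in boxes:
        img = box_blur_region(img, box, radius)
    return img


def region_contrast(img: Image, box: Box) -> int:
    """Max minus min inside box: a crude measure of how much detail is left."""
    x0, y0, x1, y1 = box
    vals = [img[y][x] for y in range(y0, y1) for x in range(x0, x1)]
    return max(vals) - min(vals)


# Constructed 8x8 frame: mid-grey background with a high-contrast 4x4
# checkerboard (standing in for a license plate) at columns 2-5, rows 2-5.
FRAME: Image = [[128] * 8 for _ in range(8)]
for y in range(2, 6):
    for x in range(2, 6):
        FRAME[y][x] = 255 if (x + y) % 2 == 0 else 0
PLATE: Box = (2, 2, 6, 6)

if __name__ == "__main__":
    blurred = anonymize(FRAME, [PLATE])
    print("contrast before:", region_contrast(FRAME, PLATE))
    print("contrast after: ", region_contrast(blurred, PLATE))
```

A light blur can be partly undone by deconvolution, so treat the radius as a security parameter: scale it to the size of the feature being hidden, or replace the region with a constant value where recoverability is a concern.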
Consequences: What happens if an organization is found to be non-compliant?
Data breaches and other violations can lead to fines, and GDPR fines are known to be some of the highest – up to 20 million, or 4% of annual turnover, whichever is greater. Furthermore, organizations found to be in violation risk reputational damage among shareholders and the financial cost of remedying the violation.
NavInfo Europe’s GDPR Compliance Package
In our capacity as a data processor, NavInfo Europe offers a GDPR compliance package that supports our customers with a privacy-by-design framework for the data they have collected. A core aspect of the package is our anonymization service, which uses high-accuracy, high-speed computer vision techniques to detect and blur personal information in customers’ data sets while remaining resource-efficient. Additionally, we offer the infrastructure for GDPR-compliant data handling, which includes data management and pre-checkup, setting up the anonymization pipeline, data anonymization, and data validation and finalization.
figure 3: data management process for GDPR compliance
We also offer consulting services to help our customers implement proactive, preventative technical measures and GDPR-related documentation for scenarios where data privacy is compromised, ensuring a safe and modern future for both the public and businesses.
Curious and want to learn more about what we can do for your organization? Get in touch and our team will get back to you promptly.