In 2019, the Salzburg police stopped a Volkswagen test car. The police noticed that the car carried cameras that recorded movement around it in order to analyze system errors. Three years later, the State Data Protection Commissioner of Lower Saxony imposed a fine of 3 million euros on the German automobile concern Volkswagen. IT lawyers of Stalirov & Co explained why the company had to pay such a fine.
Video Recording Warning
There were no signs with a camera symbol on the car that would have warned about the collection and processing of personal information. This violated Article 13 of the GDPR, according to which it is necessary to inform others about the processing, including who carries out the processing, its purposes and the periods of data storage.
DPO with processor
The test drive of the car was carried out by an outside company in the interests of Volkswagen. But the parties did not sign a data protection agreement, as required by Article 28 of the GDPR. Every company that outsources the processing of data of EU citizens must ensure that the contractor guarantees a high level of data protection. To do this, the parties describe the processes of collection, processing and storage, and exchange instructions in the DPO format.
Volkswagen also violated Article 35 of the GDPR by failing to conduct a data protection impact assessment prior to the start of the test drive. Such an assessment is mandatory if the processing takes place using new technologies, as in the Volkswagen case.
The last violation concerned Article 30 of the GDPR, which requires the company to keep records of processing activities. But in the Volkswagen registers there were no clarifications on technical and organizational protection measures. In a company, this task is the responsibility of the data protection officer.
Video recording was carried out in order to optimize the driver assistance system to prevent accidents and thus improve road safety. But even such a noble goal did not save Volkswagen from a fine of 1,1 million euros.
Does the GDPR work in Ukraine?
Ukrainian businesses must comply with the requirements of the GDPR if they process personal data of EU citizens. The GDPR rules operate in Ukraine in the same way as in European countries.
Therefore, any Ukrainian company could find itself in Volkswagen's place. This means that before launching a product on the European market, data collection and processing processes must undergo a thorough GDPR compliance check.