GDPR and Your Connected Car

On May 25th 2018, the General Data Protection Regulation (GDPR) passed by the EU in 2016 will begin to take effect. This set of regulation standards for the handling of European citizens’ data is an unprecedented document in the history of data protection policy, bringing to these issues a level of clarity rarely seen in legislation.

The regulation dictates many policies for anyone that offers products or services to consumers in the EU, regardless of the location of the provider. All policies veer in favor of the consumer’s rights to their data. This includes prohibiting use of data without the owner’s consent, allowing the consumer to see what data is being used and how, and allowing consumers to request that their data be deleted from any service without question. Of equal importance is the GDPR’s strict policies regarding data breaches, stating that knowledge of a user’s data being compromised must be reported to them without “undue delay,” and that any breach must be reported to Data Protection Authorities within 72 hours. The penalty for non-compliance in the event of a breach is heavy, equaling 4% of a firm’s annual revenue or € ($23 million), whichever is greater.

This legislation will have a profound impact on the automotive industry in the coming decades. The vehicles of tomorrow process an enormous amount of user data every day for the purpose of connected car-enabled safety systems and user experience enhancements. The contents of this data ranges from phonebook data and call history to minute-by-minute location data provided through GPS. With real-time V2X technologies coming to fruition through Dedicated Short-Range Communication and 5G technology, even more venues in the vehicle will have access to sensitive user data.

The changes brought by the GDPR will motivate members of the automotive industry to pursue strategies that prioritize the security and accessibility of user data. This calls for all data collected from a vehicle to be securely aggregated and analyzed with around-the-clock safeguards in place to react to any data breaches. Vehicular cyber security must be implemented at every level from In-Vehicle Networks to back-end cloud servers, safeguarding the closed-loop data architecture that is key to the success of connected vehicle deployment. SecureIoT, Trillium’s multilayered automotive cyber security suite is made with this need in mind, having been built from the ground up for ensuring user and data protection in vehicular applications.