Digital Transformation and the Challenge of Data Protection

Digital technologies have supported and shaped our lives for decades but more recently the pace of change has increased considerably. Technology is developing at a rapid rate and finds its way into new scenarios all the time. Smart devices, the Internet of Things, social media platforms, cloud services and big data applications have all become commonplace as the result of digital transformation. The degree of networking and automation within our society and economy is steadily increasing. We have new needs, expectations and habits.

The GDPR Sets the Boundaries

These effects are also prevalent in the automotive industry. Functions that enable (partially) autonomous driving and the use of online services allow each user to tailor the driving experience to their needs. To develop and offer these functions and services, automotive manufacturers must collect, process and analyze vast amounts of information. However, this data can be problematic since it is often directly linked to a specific user, meaning it is subject to the General Data Protection Regulation (GDPR). This legislation came into force within the European Union (EU) on May 25, 2018. The aim of the GDPR is to standardize the rules for processing personal data throughout Europe. It represents the EU’s response to the effects of digital transformation and replaced a previous data protection regulation from 1995. The GDPR makes it necessary to be more careful and follow specific rules when handling personal data.

Since its implementation, there have been numerous cases that demonstrate just how challenging it can be to navigate the digital transformation without properly considering data protection requirements. Tesla is a prominent example from the automotive industry. The Tesla Model 3 has a total of eight cameras that enable 360-degree monitoring of the vehicle surroundings when driving and parking. The purpose of these cameras is to document vandalism and similar incidents, and to improve Tesla’s autonomous driving systems.  Stefan Brink, Baden-Wuerttemberg State Commissioner for Data Protection, views the OEM’s equipment choice as a violation of the GDPR in Europe, while Tesla maintains that the equipment complies with the legislation. Which standpoint is correct ultimately depends on one specific detail: whether the cameras record continuously or only when an incident occurs. This Tesla case is useful because it highlights a dilemma: New technologies enable innovative use cases that can benefit users but they can also stray into legal territory that can be difficult to navigate. It can be easy to violate a requirement without behaving negligently and without even the slightest intention of doing so.

A Systematic Approach to Data Protection

Given the influence of the GDPR, compliance is essential in any sustainable and responsible digital transformation. Intensifying existing data protection measures is a useful step that manufacturers can take immediately. The question is, what measures are most effective? Companies can provide the foundations for successful and sustainable data protection by establishing a team with the necessary authority and responsibility for managing data protection. This team needs to have two main objectives: Firstly, to integrate data protection requirements into the existing process landscape. Secondly, to raise awareness of data protection requirements throughout the company. This can be achieved through tailored employee training, communication concepts and audit processes.

Digital transformation is rapidly increasing the amount of data available and offers enormous potential for the German economy. The German Federal Government has already recognized this and has set up a platform called the Mobility Data Space for German automotive companies to exchange traffic data. The intention is to give Germany a competitive edge in the field of modern mobility, but also to pave the way for the next stage of industrialization – Industry 5.0. Earlier this year, the European Union described the objectives of Industry 5.0 as a more sustainable, resilient and human-centric industry. The pressure on companies will increase once again to ensure that they process personal data not only in accordance with the law but also ethically.

Achieving this ambitious goal is only possible by taking into account existing data protection requirements, European rules of business and ethical considerations, which will be the main challenge for everyone involved.

Please contact us if you would like to discuss data protection in more detail. We offer a wealth of process-related and technical expertise through our data protection management services. Let us support you on your path to a sustainable digital transformation.

Infos on the blogpost

Published on: 19.03.2021
Author: Daniel Andernach

More about Daniel Andernach


Daniel Andernach
Manager, Customer Product & Services

A “Better Tomorrow” is not possible without…:
... responsible behavior and trust

I am passionate about…:
… the automotive industry

Share in social networks


back to all blogposts