| |DECEMBER 20189icant provisions, the PDPB proposes a substantial penalty for violation of the stated privacy and data-protection requirements.PDPB defines the role of three key players in-volved in the data-flow chain:Data fiduciary­ Any person (including the State, a company, any juristic entity or anyindividual) who determines the purpose and means of processing of personal dataData processor - Any person (including the State, a company, any juristic entity or any individual) who processes personal data on behalf of a data fi-duciary, but does not include an employee of the data fiduciary.Data principal - The natural person to whom the per-sonal data relatesPDPB defines Personal data as data about a nat-ural person in relation to any characteristic, trait, attribute or any other feature of the identity of such natural person, or any combination of such fea-tures, or any combination of such features with any other information.Under such perimeters, Auto OEMs, component manufacturers, and content providers would quali-fy either as the data fiduciary or the data processor, depending on how the personal data is sourced and processed. According to a recent survey carried out by Deloitte in the EU, 64 percent of the respondents said that for them privacy is one of the criteria while making a vehicle-purchase decision. The study also highlighted that for 80 percent of the respondents, the right to choose which of their information is be-ing transmitted is either important or very import-ant, and they would want to retain personal control over their data.For the auto-industry which has been more about mechanical technicalities rather than IT, privacy drive is a paradigm-shift. Data-protection will be-come a critical factor for multiple reasons:Customers are asking for it; Technology advance-ment is only going to increase and become more pervasive; Infotainment and mobility services can contribute to 20 percent of the total revenue and 19 percent of the OEM EBITDA, if technology and cus-tomer preferences keep evolving at today's high pace; and Laws mandate it.OEMs will now need to define technology and vehicle architecture in ways that adhere to privacy requirements and address the law of the land. Fol-lowing are some of the measures the auto-industry can adopt to stay relevant in the dynamic times:· Take a privacy-readiness assessment· `Inventorize' personal and sensitive personal data ­ where, what, whose, when, how, and why· Develop a culture of privacy by enabling priva-cy-by-design and security-by-design in all tasks, whether it is customer-information collection or de-veloping a new CRM, telematics, mobile connectivi-ty with the vehicle, etc.· Create and update information notice in accor-dance with the law· Assess and remediate risk pertaining to sharing of personal data with third parties;· Define and segregate personal and sensitive data in accordance with the laws, regulations etc.· Understand data flow for collection and processing of personal data· Establish a robust framework for leading privacy principles· Enhance data security measures· Enable a robust governance mechanism focus-ing on reporting to the Board and the CXOs on a regular basis.To summarize, the overall customer confidence in vehicle data privacy will increase and represent a significant competitive advantage. Along with the flourishing growth, it is interesting to note how the ever-increasing automation, technology prolifera-tion and customer enthusiasm will coexist with the corresponding legal frameworks for the protection of personal data. The auto industry, in its journey to the `Future of Mobility', must achieve the milestones of data-privacy. FOR THE AUTO-INDUSTRY WHICH HAS BEEN MORE ABOUT MECHANICAL TECHNICALITIES RATHER THAN IT, PRIVACY DRIVE IS A PARADIGM-SHIFT
< Page 8 | Page 10 >