Guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility related applications
Guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility related applications
Paragraph 3.3.6 Security
156. As noted above, the security measures put in place shall be adapted to the level of data sensitivity. For instance, if instantaneous speed (or any other data related to criminal convictions and offences) is collected as part of the accidentology study, the EDPB strongly recommends putting in place strong security measures, such as:
-
− implementing pseudonymisation measures (e.g., secret-key hashing of data like the surname/first name of the data subject and the serial number);
-
− storing data relating to instantaneous speed and to geolocation in separate databases (e.g., using a state-of-the-art encryption mechanism with distinct keys and approval mechanisms);
-
− and/or deleting geolocation data as soon as the reference event or sequence is qualified (e.g., the type of road, day/night), and the storage of directly-identifying data in a separate database that can only be accessed by a small number of people.