Background
VARS Technology is a UK-based provider of advanced Automatic Number Plate Recognition (ANPR) systems, supporting forecourt operators across the country. Working with major retailers, VARS serves approximately 30% of UK forecourts, helping clients manage parking enforcement, reduce losses, and improve operational efficiency.
Operating in a highly regulated environment and exploring the use of emerging technologies such as facial recognition, VARS engaged The DPO Centre to strengthen its data protection framework and ensure its approach remained robust, scalable, and aligned with evolving regulatory expectations.
Key Challenges
- Aligning data protection with operations
- Deploying facial recognition technology responsibly
- Clarifying controller and processor roles
Solution
The designated Data Protection Officer (DPO) began with a comprehensive gap analysis to assess VARS’ existing approach to data protection and identify opportunities to better align governance with its operational model. This provided a clear benchmark and structured roadmap, enabling VARS to measure progress and confidently demonstrate its commitment to data protection to clients and partners.
To ensure documentation reflected the realities of VARS’ services, the DPO reviewed and enhanced existing policies and procedures, introducing tailored provisions specific to ANPR, debt recovery, and emerging facial recognition use cases. This ensured that data protection practices were not only compliant but directly applicable to day-to-day operations.
The DPO also provided forward-looking guidance on the responsible deployment of facial recognition technology, helping VARS understand both current regulatory expectations and how these may evolve. This included conducting Data Protection Impacts Assessments (DPIAs) to evidence accountability and demonstrate risk management. Alongside this, technical specifications and practical guidance were developed to support clients in implementing the technology in a compliant manner.
To address contractual complexity, the DPO worked closely with VARS to clarify its role as a data controller or processor across different services and partnerships. This provided greater certainty in how responsibilities are defined and communicated, ensuring that data protection obligations are consistently understood and applied across its customer base.
Outcome
Lewis MacCallum, Director at VARS Technology, said: ‘Ensuring that we are fully compliant and that all data is managed securely is vital to our day-to-day business. The DPO Centre provided us with a fantastic framework to build safe and responsible data handling processes throughout our organisation. Our dedicated DPO has been proactive and thorough in supporting us, allowing us to demonstrate to customers and partners the highest levels of data protection and security.’
