[et_\u200bpb_\u200bsection bb_built=\u201c1\u201d][et_pb_row][et_pb_column type=\u201c4_4\u201d][et_pb_text _builder_version=\u201c3.13.1\u201d]<\/p>\n
Do you know the ways IoT and devices use per\u00adson\u00adal data?<\/span><\/p>\n As the devices in our dai\u00adly lives become more and more intel\u00adli\u00adgent, they gath\u00ader greater amounts of data. The sales of smart devices are going through the ceil\u00ading and many of us own more than one smart device. Devices, com\u00adpat\u00adi\u00adble with mul\u00adti\u00adple appli\u00adca\u00adtions, process an enor\u00admous amount of our infor\u00adma\u00adtion. Have you ever con\u00adsid\u00adered what this infor\u00adma\u00adtion is being used for and by whom?<\/span><\/p>\n Nowa\u00addays, Inter\u00adnet of Things devices are every\u00adwhere. IoT devices are ordi\u00adnary devices and objects that are con\u00adnect\u00aded to the inter\u00adnet or col\u00adlect data through oth\u00ader means. For instance, you can con\u00adtrol all the devices in your home through your smart\u00adphone or watch.<\/span><\/p>\n Often\u00adtimes, IoT devices gath\u00ader per\u00adson\u00adal data that are exploitable by hack\u00aders look\u00ading to steal your iden\u00adti\u00adty. The cur\u00adrent risk with IoT devices is that they offer hack\u00aders easy tar\u00adgets and are vul\u00adner\u00ada\u00adble to secu\u00adri\u00adty breach\u00ades. In the not-so-dis\u00adtant future, the risks are only expect\u00aded to increase in this area.<\/span><\/p>\n Many IoT devices still do not let you know how your per\u00adson\u00adal data is used. Accord\u00ading to the GDPR, the data proces\u00adsor must be aware of oblig\u00ada\u00adtion to let data sub\u00adjects know how their per\u00adson\u00adal data is gath\u00adered, processed, dis\u00adsem\u00adi\u00adnat\u00aded, and record\u00aded. More\u00adover, the data sub\u00adjects need to know what their rights to their per\u00adson\u00adal data are. Trust is an inte\u00adgral part of inno\u00adva\u00adtion. Com\u00adpa\u00adnies are at risk of loos\u00ading it if their clients are not con\u00adfi\u00addent that com\u00adpa\u00adnies are open about how data is processed.<\/span><\/p>\n The GDPR has very spe\u00adcif\u00adic rules for esti\u00admat\u00ading the impact of such data pro\u00adtec\u00adtion cir\u00adcum\u00adstances. They tru\u00adly come in handy for per\u00adson\u00adal data pro\u00adcess\u00ading where the risks are high in terms of data sub\u00adjects\u2019 rights and free\u00addom, espe\u00adcial\u00adly in new tech\u00adnolo\u00adgies. One can\u00adnot ignore the fact that these devices process loca\u00adtion infor\u00adma\u00adtion and domain data, such as IP address\u00ades. This means that once ful\u00adly enforced from May 25th, the GDPR will also include this field. The world of IoT can encom\u00adpass many com\u00adplex lev\u00adels of data pro\u00adcess\u00ading with their respec\u00adtive proces\u00adsors. These cat\u00ade\u00adgories are made up of, for exam\u00adple, equip\u00adment man\u00adu\u00adfac\u00adtur\u00aders, appli\u00adca\u00adtion devel\u00adop\u00aders, social media plat\u00adforms and aggre\u00adga\u00adtion possibilities.<\/span><\/p>\n Data pro\u00adtec\u00adtion has to be built from ground up if the device uses per\u00adson\u00adal data. GDPR entails that per\u00adsona data pro\u00adtec\u00adtion is con\u00adsid\u00adered in any devel\u00adoped prod\u00aduct or ser\u00advice. An empha\u00adsized con\u00adcern is the data pro\u00adtec\u00adtion issue that may arise at the begin\u00adning of prod\u00aduct devel\u00adop\u00adment. At this stage, it must be ensured that data pro\u00adtec\u00adtion issues are acknowl\u00adedged through\u00adout the life\u00adcy\u00adcle of any device or ser\u00advice. It is also impor\u00adtant to car\u00adry out any tech\u00adni\u00adcal pro\u00adce\u00addure to ensure that the device that process\u00ades per\u00adson\u00adal data is secure. As IoT is a part of a wider con\u00adcept of infor\u00adma\u00adtion real\u00adi\u00adty with a man\u00adi\u00adfold of process\u00ades, the issue must be approached holistically.<\/span><\/p>\n Data Pro\u00adtec\u00adtion Impact Assess\u00adment is a tool that aids orga\u00adni\u00adza\u00adtions in fol\u00adlow\u00ading data pro\u00adtec\u00adtion reg\u00adu\u00adla\u00adtions when devel\u00adop\u00ading a device, prod\u00aduct or a ser\u00advice that process\u00ades per\u00adson\u00adal data. It is used to iden\u00adti\u00adfy and reme\u00addi\u00adate data pro\u00adtec\u00adtion issues in the ear\u00adly devel\u00adop\u00adment stages of new projects and devel\u00adop\u00adment. Fur\u00adther\u00admore, it is an instru\u00adment that will help you answer cus\u00adtomer data pro\u00adtec\u00adtion con\u00adcerns. In cer\u00adtain cas\u00ades, espe\u00adcial\u00adly when the pro\u00adcess\u00ading of per\u00adson\u00adal data pos\u00ades major risks, the DPIA is mandatory.<\/span><\/p>\n When it comes to the devices, appli\u00adca\u00adtions, and sys\u00adtems in the IoT, atten\u00adtion must be payed to the trans\u00adfer\u00adring of data. For instance, it is impos\u00adsi\u00adble for chil\u00addren to accept the pro\u00adcess\u00ading of their data with due dili\u00adgence with regards to, for exam\u00adple, online ser\u00advices. Nev\u00ader\u00adthe\u00adless, the mar\u00adket is filled with toys that are a part of IoT.<\/span><\/p>\n For ado\u00adles\u00adcents between the ages 13 and 15, the per\u00admis\u00adsion to release per\u00adson\u00adal data for pro\u00adcess\u00ading depends on the leg\u00adis\u00adla\u00adtion of indi\u00advid\u00adual Mem\u00adber Coun\u00adtries. The assump\u00adtion, how\u00adev\u00ader, is that these ado\u00adles\u00adcents are not eli\u00adgi\u00adble to give con\u00adsent due to their young age. This notion means major chal\u00adlenges to those orga\u00adni\u00adza\u00adtions intend\u00ading to dis\u00adtrib\u00adute devices that are meant to be used by chil\u00addren. More\u00adover, anoth\u00ader chal\u00adlenge comes with the ques\u00adtion if IoT devices have parental con\u00adsent fea\u00adtures inte\u00adgrat\u00aded. Issues such as these become even more com\u00adpli\u00adcat\u00aded because the leg\u00adis\u00adla\u00adtion is not con\u00adsis\u00adtent with\u00adin the GDPR enforc\u00ading countries.<\/span><\/p>\n Con\u00adsumers are becom\u00ading increas\u00ading\u00adly aware of data pro\u00adtec\u00adtion risks. In the IoT, con\u00adsumer elec\u00adtron\u00adics as an exam\u00adple, secu\u00adri\u00adty issues are under\u00adstood at a cer\u00adtain lev\u00adel. In the cor\u00adpo\u00adrate world, how\u00adev\u00ader, they are clear show stop\u00adpers. This means that con\u00adcerns are high in envi\u00adron\u00adments where IoT secu\u00adri\u00adty breach attempts are on the rise.<\/span><\/p>\n Reg\u00adu\u00adla\u00adtions are wel\u00adcomed in cer\u00adtain fields where per\u00adson\u00adal data and secu\u00adri\u00adty if of the essence. A great exam\u00adple is the finan\u00adcial indus\u00adtry. The demand for reg\u00adu\u00adla\u00adtions does not only apply to IoT but also to robot\u00adics and arti\u00adfi\u00adcial intel\u00adli\u00adgence. This is the new real\u00adi\u00adty that we all must face. Ignor\u00ading per\u00adson\u00adal data pro\u00adtec\u00adtion is no longer an option when the stakes and risks are too high. Hence, the con\u00adse\u00adquences are equal\u00adly high. There\u00adfore, orga\u00adni\u00adza\u00adtions need experts who are skilled at per\u00adson\u00adal data pro\u00adcess\u00ading and its relat\u00aded tech\u00adno\u00adlog\u00adi\u00adcal risks and stipulations.<\/span><\/p>\n Cur\u00adrent\u00adly, orga\u00adni\u00adza\u00adtions train their staff on how to process per\u00adson\u00adal infor\u00adma\u00adtion. This type of train\u00ading should be extend\u00aded to the con\u00adsumer lev\u00adel to cre\u00adate aware\u00adness are IoT data secu\u00adri\u00adty issues. Fur\u00adther\u00admore, prod\u00aducts need to ensure per\u00adson\u00adal pri\u00adva\u00adcy. For the man\u00adu\u00adfac\u00adtur\u00aders of objec\u00adtive goods, GDPR will change everything.<\/span><\/p>\n The GDPR man\u00addates that users are giv\u00aden a clear overview of terms and con\u00addi\u00adtions relat\u00aded to per\u00adson\u00adal data pro\u00adtec\u00adtion of IoT prod\u00aducts. In addi\u00adtion, con\u00adsumers need to accept these terms before per\u00adson\u00adal data can be saved. For prod\u00aducts that do not have screens, this will be prob\u00adlem\u00adat\u00adic. Nev\u00ader\u00adthe\u00adless, IoT prod\u00aduct man\u00adu\u00adfac\u00adtur\u00aders need to remem\u00adber that data pro\u00adtec\u00adtion and data secu\u00adri\u00adty are mutu\u00adal\u00adly inclu\u00adsive. The mes\u00adsage to con\u00adsumers is loud and clear. The IoT orga\u00adni\u00adza\u00adtions that invest time and mon\u00adey to design safe prod\u00aducts, respect their clients.<\/span><\/p>\n Data pro\u00adtec\u00adtion and secu\u00adri\u00adty does not only chal\u00adlenge IT depart\u00adments. Thanks to this inter\u00adtwin\u00ading, they both need to be high on the agen\u00addas at boardrooms.\u201d<\/span><\/p>\n As the intro\u00adduc\u00adtion of the new reg\u00adu\u00adla\u00adtion cre\u00adates new oblig\u00ada\u00adtions for com\u00adpa\u00adnies with added admin\u00adis\u00adtra\u00adtive work, the plan\u00adning and exe\u00adcu\u00adtion of GDPR com\u00adpli\u00adance should be start\u00aded as soon as pos\u00adsi\u00adble. The win\u00addow giv\u00aden to tran\u00adsi\u00adtion to GDRP is a year, mean\u00ading that the time to become GDPR com\u00adpli\u00adant is rather short. Now is the time to act. The analy\u00adsis of cur\u00adrent data secu\u00adri\u00adty and pro\u00adtec\u00adtion sta\u00adtus by an exter\u00adnal spe\u00adcial\u00adist is a rec\u00adom\u00admend\u00aded first step. We are more than hap\u00adpy to help you get ready for GDPR!<\/span><\/p>\nGDPR and IoT<\/strong><\/h2>\n
Who can accept the pro\u00adcess\u00ading of their per\u00adson\u00adal data?<\/strong><\/h2>\n
Con\u00adsumers and Data Protection<\/strong><\/h2>\n