Don’t let GDPR kill your IoT product!

Avoid failure in your IoT project with progressive GDPR compliance

Daniel Sontag
Connect the Bots
3 min read · May 24, 2018


What is GDPR and how can it mess up your product?

Learn what to look out for and gain a competitive edge while you’re at it.

The new General Data Protection Regulation comes into effect on May 25th, 2018. It is an EU initiative that regulates the collection, storage and use of personal information.

And even if you serve the EU market from another location, you are still bound by it.

Failure to comply with its strict rules puts you on the spot for some unpleasant fines, which can run into the millions.

Some may call the GDPR a hindrance to technological development. But few would dispute that the EU is pioneering the protection of personal data rights on a huge scale.

I’m no lawyer! Give me the short version!

Alright, quite a few sources on the web already give you the full roundup. So here you get the 60-second snapshot for IoT product managers. Feel free to dive deeper into the dedicated resources at any time ;)

Is this even relevant to my product?

Yes, if your product collects personal information from individuals in the European Union. And especially if you are storing and analyzing this information to add value (sell stuff).

What do I need to watch out for?

Compliance with GDPR comes in 7 flavours:

  1. Lawful collection: The individuals you collect data from need to be informed which data you gather and why. They need to explicitly opt in and be able to opt out at any time. (This information needs to be easy to understand as well.)
  2. Purpose-bound data collection: Data may only be collected and used for the purpose stated in (1).
  3. Minimize the amount of data: Only collect as much information as is needed for the intended purpose.
  4. Ensure correctness of data: Update data to always reflect the correct information.
  5. Minimize the amount of storage: Only store the personal data as long as it is needed to fulfill the stated purpose. If you want to keep information after that, you will need to anonymize the personal information.
  6. Integrity and confidentiality: You are responsible to ensure secure data transfer and storage so that no one may gain unauthorized access or tamper with it.
  7. Duty of accountability: Your company needs to appoint a person responsible for demonstrating compliance with points (1)-(6).

How does that help me if I don’t operate with EU citizens’ data?

First, by considering the implications of GDPR now, you may find it easier to enter the European market further down the road.

Second, you can think of the EU as the pioneer in personal data rights, and others may follow. By being ready, you stay ahead of your competition.

Daniel Sontag connects the bots: As Industry 4.0 lead and manager for connected products, he does what he loves — tying business to tech, and theory to practice.
