Learn 7 lessons from GDPR to bash your IoT competition

Even if you don’t work with personal data, there are still a lot of lessons to be learned from GDPR

Daniel Sontag
Connect the Bots
May 31, 2018


Hey, look: An IoT lesson paid for by the EU!

GDPR, the European General Data Protection Regulation, is now (since May 25, 2018) mandatory for companies operating in the EU.

This regulation was in the making for 4 years, between 2012 and 2016. A lot of discussion and thought went into it.

There is a lot we as product managers can learn from that. And that knowledge has been paid for by the EU! Perfect, thanks, you guys ;)

7 Lessons in GDPR for IoT products, getting you ahead

We’ll use the “7 flavours” of GDPR compliance I already talked about in an earlier blog post to illustrate what to learn for our IoT product — even if it doesn’t deal with personal data.

(1) Legal collection:

The individuals you collect data from need to be informed which data you gather and why. They need to explicitly opt in and be able to opt out at any time. The information needs to be easy to understand as well.

When you build a product, your customers might not be too comfortable with sharing all their data with you. So the real question is: how do you get them on board by adding value?

Think about adding an offline option, where the data is collected and used completely in the hands of the customer.

This gives them a taste of the value you could offer if you only had the data to work with ;)

This brings us to the point that you'll need a good communication strategy. Make it very transparent to customers what they are opting into, and offer them the option to go back to the offline-only solution.

(2) Purpose bound data collection

Data may only be collected and used for the purpose stated in (1).

Ensure that the data you collect is only used for creating the value you promise to the customer. Also, be ready to show the value you can create from the collected data.

This will help you show customers the immense benefit they get from using your solution, which employs their data.

(3) Minimize the amount of data

Only collect as much information as is needed for the intended purpose.

Reduce the collection of raw data to the absolute minimum. Think about the data you actually need to deliver the value. And do it before engineering the data streams to pull from all possible sources.

(4) Ensure correctness of data

Update data to always reflect the correct information.

Use plausibility checks to weed out wrong and misplaced information. Also put mechanisms in place that regularly go over your data sets, check for consistency and remove duplicates.

(5) Minimize the amount of storage

Only store the personal data as long as it is needed to fulfill the stated purpose. If you want to keep information after that, you will need to anonymize the personal information.

This is not a kid’s cartoon: You don’t have to “collect them all”…

Reduce the amount of raw data you store by aggregation, calculation and selective deletion. This helps you focus on the essentials while keeping your overhead low.

(6) Integrity and confidentiality:

You are responsible for ensuring secure data transfer and storage so that no one can gain unauthorized access to the data or tamper with it.

Be the one to mention the security and access management of your solution to your customer. If you have good measures in place to protect the data pool, you can be proactive and use it as a sales argument.

(7) Duty of accountability:

Your company needs to appoint a person responsible for proving compliance with points (1)-(6).

If your company is not affected, you won't be required to name a data protection officer. However, when we transfer this concept to IoT products (with non-personal data), we can learn the following:

Offer your customers a single point of contact for all their questions regarding their data and how you're handling it. This instills confidence in your customers and puts you and your offering in a strong position.

Daniel Sontag connects the bots: As Industry 4.0 lead and manager for connected products, he does what he loves — tying business to tech, and theory to practice.
