The European Union General Data Protection Regulation (GDPR) has arguably given back control of personal information to the user by extending the classification as to what information must be regarded as ‘personal data’, defined as ‘any information relating to an identified or identifiable living individual’. The confidentiality, integrity and availability of such must therefore be included within an organisation’s IT Security & privacy protection regime.
There are, however, an increasing number of autonomous non-human devices that collect personal data and make up the Internet of Things (IoT). IoT devices have, without us even realising, become ubiquitous and whilst forecasts differ, there is general agreement that numbers will outstrip humans as ‘users’ of the Internet within the next 5 years.
For reasons of economic viability, IoT devices typically have very limited capacity for on-board data processing or storage and are found in an ever-increasing array of low-cost devices both in the home and within businesses. Many of these devices and services are clearly of a personal nature whilst others may be less obvious. Regardless, these devices will almost certainly be capturing, processing and sending data that would now be classed as personal under the provisions of the GDPR.
Most organisations have gone through the pain of introducing GDPR-compliant processes and procedures – but did yours consider the autonomous non-human accounts and devices that are at work for your organisation? Might they, for example, store or transmit unencrypted personal data? Only time will tell whether this is a problem the Information Commissioner's Office will turn its gaze towards, and with fines of up to 4% of a company's annual turnover or 20 million Euros, dare you ignore the question?
This is an area of research I am currently undertaking for my MSc and I would welcome your help! If your organisation is EU based and uses or provides IoT devices or services PLEASE click HERE to complete an anonymous but mutually beneficial IoT/GDPR compliance assessment.