IoT facing huge challenges from GDPR

Although IoT is something that’s been around for a while, it is still a relatively new concept. We’re still learning a lot, and producing a lot. Data is highly valuable and there are ample threats to the security of a company’s data.

At the recent IOT Summit, a panel discussion with Tom Slattery, head of data analytics at KPMG, Brendan Dowling, CEO of Consumer Data Protection and Ultan O’Carroll, technology advisor to the Office of Data Protection Commissioner, shed some light on the topics of permission, compliance and responsibility with regards to privacy and data protection challenges.

O’Carroll said: “IoT is certainly within our division now, especially because of the new EU privacy regulations, which means that any kind of machine to machine electronic communication service is subject to regulation with strict requirement of consent to do with content and processing terminal equipment access.”

The vast levels of personal data shared through IoT technology leaves companies at risk of being hacked. This data can be used for bribery and ransom, extracting private information and any number of other forms of robbery for private gain. With huge agencies and government bodies adopting this technology, it is essential that the data is protected.

While working on the Smart Cities project for British Telecom in London, Brendan Dowling felt he had the “holy grail” of technologies in IoT.

“The idea was to bring business travellers into the city and analyse what they were doing and where they were going. We wanted to get them a taxi, get them a restaurant, a hotel et cetera. We were supposed to make a small fortune in getting commissions on those transactions,” Dowling said.

“We quickly realised we hadn’t a hope in hell in doing that; the business model was wrong, this was in lieu of free WIFI.” Dowling added that this was when they began to realise the value of data. “We realised that data is the next gold rush, and by having the data of these people, we could sell it to advertisers. This opened up a whole world of the implications of that data.”

Dowling said that with IoT, data collection is essential to commercialising business models. “Under GDPR, that data now has to be protected, and that has a huge implication for how you use it and analyse it without the expressed permission of the consumer, which you must have,” he said.

He believes that IoT will face huge challenges because people do not trust their technology. “Many people have a sticker over the camera of their laptop, for example,” he said. “IoT will face a huge problem if it does not get the expressed permission and buy-ins from consumers,” he said.

“It needs people to say ‘I want that service, I am going to give you my personal data and I expect you to secure that data and respect it. And if you give me a good service that I value, I will continue to work with you and help you to monetize it.’ That for me is the key message in terms of GDPR.”

When it comes to GDPR awareness and readiness, Slattery said: “There’s a lot of kicking the football around the office; IT get it for a while and pass it on to maintenance, then to compliance, and eventually there’s a cross-party triumvirate gathered to deal with compliance.”

He said the biggest ask KPMG are charged with is a plan to deliver compliance. “That’s a very difficult thing to do,” he said. “What we can offer is a plan to improve data maturity and respect and identification of private information, as well as all of the things around that DPO, policy and procedures and so on, everything a mature organisation should have.”

The General Data Protection Regulation (GDPR), after four years of debate and preparation, was approved by the EU Parliament on April 14 2016. It will come into effect on the May 25 2018, after which, organisations found to be non-compliant will face fines of €20 million euro or up to 4 per cent of the annual worldwide turnover, whichever is greater.

For further information and advice on the GDPR and how it could effect your business The Sunday Business Post is hosting a GDPR Summit on September 12. For more information on this event, the agenda, speakers and ticket pricing seeGDPR17.com