Understanding GDPR for IoT Companies

Alex Flitton
Jun 7, 2018 9:47:32 AM

"We've Updated Our Privacy Policy"

May 2018 should always be remembered as the month when every company in the world updated its privacy policy. In the months surrounding May 2018, you may have even heard terms such as GDPR (General Data Protection Regulation) or Cambridge Analytica. Perhaps you even watched a few laughable clips from Mark Zuckerberg’s Senate hearing. What you should be learning from all of these things is that privacy and security are being examined with a fine-toothed comb. The rules are being rewritten and hopefully made simpler so that the common consumer can understand them. Although GDPR is currently being enforced in the European Union, it is making waves throughout US companies.

 

Replacing Fear With Trust

For IoT companies that rely on personal information, or whose devices require cameras and even microphones to operate, personal privacy is moving to the forefront of public priority. Simply put, consumers don’t want to be spied on, and the more they learn about how their smart devices work, the less comfortable they feel using them.

Achieving GDPR compliance can be particularly difficult for IoT companies because of how personal data is processed in their devices. Gaining consent, then, is a matter of demonstrating how consumer information is protected, resulting in a relationship of trust from the outset.

The 6 Steps Of The Path To Compliance

1. Collect and process data responsibly

Even if your IoT devices don’t collect personal information, that doesn’t mean you are exempt from GDPR regulations. You should know where your data is stored, how it is being protected and how you will resolve problems when they arise.

2. Make Clear Consent Your Priority

Just like in a healthy personal relationship, consent should be given by consumers before any data is collected. Consumers should also understand exactly how their data will and will not be used. Gone are the days when privacy policies can span 300 pages without any consequences.

3. GDPR regulations apply to you and everyone else in your supply chain

According to Guy Bunker, SVP of products at Clearswift, “The IoT community needs to think beyond getting consent. They need to consider what they will go through if consent is removed and customers ask for the right to be forgotten. In some cases, you will need to do a reasonable amount of work.” It is essential to have their data removed from all links in the supply chain.

4. Keep A Record Of Compliance

There is nothing worse than an auditor with an agenda, and GDPR investigations can be just as intensive. Be prepared to clearly demonstrate how your company complies with regulations. Keeping clear records now will make future you much less stressed.

5. Privacy and security should be default designations

It should now be assumed that no consumer is going to want all of their data willfully distributed. Privacy is a right and should be treated as such, especially when it comes to consumer goods.

6. Make GDPR your business differentiator

Consumers are watching the headlines. They’ve seen the Equifax breach and the Cambridge Analytica and Facebook scandals, along with a handful of retail store breaches. No one wants their information compromised. It’s that simple. So use that base consumer need to set yourself above the competition. GDPR compliance should not be about avoiding fines, but about developing trust with your customers. There are few things more valuable than consumers who feel safe using your brand, because they will become your very own evangelists, if you earn it.
