Zoltán Précsényi, Director of Government Affairs, Symantec, gives a heads-up on Getting Up-Close and Personal with GDPR, ahead of his fireside chat at TM Forum’s Internet of Everything InFocus 2017 event (October 17-18, Amsterdam, Netherlands).
The European Union’s General Data Protection Regulation (GDPR) is a legal framework that will come into force on May 25, 2018*. How it relates to the internet of everything (IoE) is not well understood.
Data security and privacy are the two building blocks that can make or break IoE, and there we have a problem. While data is at the root of all the prospects IoE brings – measuring more, improving more, selling more – many, if not most, smart devices are nowhere near secure enough to ensure meaningful levels of data accuracy and integrity. Cyber criminals know that well, and as with every generation of new technologies, they have been among the most creative and proactive in taking advantage.
A Symantec test looked at how long it takes for an average IoT device, let loose on the internet, to be cyberattacked:
There are abundant reports about some of the more spectacular cyberattacks. The Mirai botnet, for example, caused a massive internet outage in autumn 2016 for high-profile websites like GitHub, Twitter, Reddit, Netflix, Airbnb and many more. The attackers used more than a million zombie IoT devices to launch a massive distributed denial of service (DDoS) attack which effectively took down swathes of these online services for several hours.
It is high time everyone started thinking ‘end-to-end security by design’ in their IoT activities, otherwise tomorrow’s IoE might well become the most insecure environment we have ever lived in.
Getting ready for regulation
Much of the IoE data collected is likely to be the kind of personal data that comes under the European Union’s (EU) General Data Protection Regulation (GDPR), and will need to be compliant. When we talk about collecting more and measuring more, we tend to forget that this data often concerns eminently personal aspects of people’s lives: when they turn on the light, where they drive their car, what medicine they take, etc.
Yes, even the engine performance tracking data of a forklift in a warehouse could be personal data, in that it may reveal a lot about the work performance of the employee operating it. Do they do their shift as they should? Do they drive carefully or recklessly?
The number of passengers on board a tram may not be personal and may be seen as ‘industrial’ data, but if you correlate smartphones’ geolocations with your tram’s, you are processing personal data about those individuals.
Such complex webs of compliance considerations are what make IoE data management and data monetization quite the tall order.
The GDPR is coming into force on 25 May 2018, while IoE is to bring tens of billions of new devices online within a few years – GDPR-readiness must be taken seriously.
So how are we doing today?
Symantec’s research found there is work to do: companies’ preparedness is definitely behind schedule, their preparation efforts are often insufficient and, in many cases, they have only a basic awareness and understanding of crucial issues as shown below.
Avoid being one of those firms: come to the fireside chat in Amsterdam – Getting Up-Close and Personal with GDPR – to find out more about the GDPR for IoE.
*GDPR is designed to strengthen and unify data protection for all individuals within the European Union (EU), including the export of personal data outside the EU. The primary objectives of the GDPR are to give citizens and residents control of their own data and to simplify the regulatory environment for international business.