
Preparing for the new EU data laws in the IoT space

December 26, 2017

Posted by: Zenobia Hegde

Steven Farmer of Pillsbury Law

Another day, another story of a cyber breach hits the news. Recent reports suggest that Uber was one of the latest victims, with 2.7 million people in the UK being affected by a cyber attack that took place in 2016, says Steven Farmer of Pillsbury Law.

With the most significant overhaul of EU data protection laws scheduled to come into effect in May 2018, data protection stories look set to remain in the headlines. The new General Data Protection Regulation (GDPR) will have direct effect throughout the EU, and the UK Government has committed to retaining the law post-Brexit. The new law not only requires private organisations and public entities to report data breaches to regulators in most circumstances, but also empowers those regulators to issue significant fines where breaches occur.

What does the new law say?

The new law changes the existing legal framework and empowers regulators to issue fines of up to four percent of global corporate turnover or €20 million for each breach, whichever is greater. Organisations in the IoT space are particularly vulnerable given the amount of information collected, and the potential weakness in wireless technologies, which can be exploited by hackers.

Businesses in the IoT space should be aware of the following key points:

What should businesses be doing?

With the risk of heavy fines under the GDPR, not to mention the reputational damage and potential loss of consumer confidence caused by non-compliance, nothing should be left to chance.

In terms of key first steps, IoT companies might consider prioritising the following as a minimum:

As the 25th May 2018 draws ever closer, the advice to firms in the IoT sector that are yet to consider their obligations is to start thinking about compliance sooner rather than later. Falling foul of the GDPR could not only damage customer trust, but could also have profound financial implications. As the adage goes: ‘those who fail to prepare are preparing to fail’.

The author of this blog is Steven Farmer, counsel at Pillsbury Law.
