The European Union’s (EU’s) General Data Protection Regulation (GDPR) is set to take effect in May 2018, and while it is principally aimed at strengthening the rights of human data subjects and improving compliance across EU member states, it has implications on Internet of Things (IoT) suppliers as well. Rules pertaining to data collection "apply to any information concerning an identified or identifiable natural person,' which implicates IoT devices in the wearable, smart home, transportation, industrial, and smart cities markets used to gather, evaluate, influence, or use data on an individual.
This report from CCS Insight covers the rules of consent for personal data collection, as well as certain exceptions. In addition, IoT stakeholders will learn:
- How data can be administered and the rights of data subjects under GPDR
- What aspects of GPDR are still open to interpretation, could be modified, or leave room for technical advancements
- What IoT suppliers can do now to start working towards GPDR compliance