GDPR Compliance & Readiness
The prodigious step taken by the European Commission, General Data Protection Regulation (GDPR) will not only strengthen and unify the personal data of individuals within the European Union (EU) but will also address the export of personal data outside the EU. The regulation which came into effect on May 25, 2018, will handle EU residents’ data, specifying what type of data a business may collect, how, where, when and why it should be stored, used, processed, or disposed. It will also enhance the current data protection laws that are designed to enhance the rights of individuals and protection of their personal information.
A quick primer on legalese associated with GDPR:
Data Subject: The one whose personal information is collected
Data Controller: The one who collects personal information from a data subject
Data Processor: The one who processes the collected personal information from a data subject
IoT & GDPR – The issue of consent
Internet of Things (IoT) is a volatile industry with a heavy focus on data collection. Data gathering is one of the key aspects of IoT. The GDPR aims to provide you a fair and consistent legal framework to enable the developments in IoT and to protect your right to privacy as connected machines play an ever-increasing role in daily lives.
Designed with built-in data security and privacy services, we welcome GDPR as an opportunity to deepen our commitment to data protection. What is important to us is helping you, our partners and customers, understand what GDPR means for your businesses and build compliant processes of your own.
Our key to success lies in our strategic partnerships with various System Integrators, Resellers, and Hardware Partners. We give you the liberty of customizing our Platform or Solutions. As a partner, you can white label/rebrand our Platform & ready to deploy solutions and can deploy it to the customer base. You will then act as data controller/processer who is responsible for handling the personal data of the data subjects. Any additional personal data that you are collecting due to customizations in our platform or solutions, you have to ensure that it is GDPR compliant. Becoming compliant with the regulation can be summarized in five different stages. You can consider the following points.
Identify
- Develop in-depth understanding o fGDPR
- Create an inventory of all the personal data that you collect
Assess
- Review existing policies and contracts for GDPR compliance
Document
- Maintain updated logs of all other activities
Monitor
- Recursive reviews the privacy policy and other policies relevant to data security
- Staying compliant to GDPR at any point of time
Implement
- Ensure privacy notices are present wherever required
- Establish mechanisms to get and manage consent from subjects
- Establish the process for notification of data breaches.
Disclaimer: This document is provided for informational purposes only and should not be relied upon as legal advice or to determine how GDPR might apply to you and/or your organization.