What changes for Internet of Things technologies with the EU Data Protection Regulation
1 like3,533 views
The document discusses the impact of the EU General Data Protection Regulation (GDPR) on Internet of Things (IoT) technologies, highlighting key obligations and changes necessary for compliance. It emphasizes the importance of data protection, particularly regarding personal data, and outlines steps organizations should take to prepare for GDPR implementation by May 2018. Additionally, the document presents how DLA Piper can assist companies in achieving compliance through tailored assessments and methodologies.
What changes for Internet of Things technologies with the EU Data Protection Regulation
- 1. www.dlapiper.com 1Insert date with ‘Firm Tools > Change Presentation’ WHAT CHANGES FOR INTERNET OF THINGS TECHNOLOGIES WITH THE EU DATA PROTECTION REGULATION? Speakers: Giulio Coraggio – DLA Piper, Italy (Giulio.Coraggio@dlapiper.com) Antoon Dierick – DLA Piper, Belgium (Antoon.Dierick@dlapiper.com)
- 2. www.dlapiper.com 2Insert date with ‘Firm Tools > Change Presentation’ Our DLA Piper team today Giulio Coraggio DLA Piper, Italy (Giulio.Coraggio@dlapiper.com) Antoon Dierick DLA Piper, Belgium (Antoon.Dierick@dlapiper.com)
- 3. www.dlapiper.com 3Insert date with ‘Firm Tools > Change Presentation’ Agenda 1.Timing, scope and importance of the GDPR for IoT technologies 2.What changes for Internet of Things technologies 3.What to do to be ready in 2018 4.How DLA Piper can help you
- 4. www.dlapiper.com 4Insert date with ‘Firm Tools > Change Presentation’ A single data protection law across the whole European Union, with some exceptions… Put 25 May 2018 in your agenda!
- 5. www.dlapiper.com 5Insert date with ‘Firm Tools > Change Presentation’ Purpose GDPR: Protection constitutional rights and fundamental freedom of individuals; more in particular protection of personal data. Personal data: "any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person" Personal data
- 6. www.dlapiper.com 6Insert date with ‘Firm Tools > Change Presentation’ It applies to wherever you are located both One stop shop benefits
- 7. www.dlapiper.com 7Insert date with ‘Firm Tools > Change Presentation’ Regardless of whether you are a B2B or a B2C supplier if personal data is processed New obligations for data processors… Renegotiating data processing agreements?
- 8. www.dlapiper.com 8Insert date with ‘Firm Tools > Change Presentation’ Why is it so important for IoT technologies? Large amount of data Sharing of data (M2M or individual to machine) Deep profiling of customers Often transferred cross border
- 9. www.dlapiper.com 9Insert date with ‘Firm Tools > Change Presentation’ And the potential sanctions are now massive of the global turnover New accountability principle…
- 10. www.dlapiper.com 10Insert date with ‘Firm Tools > Change Presentation’ Also cyber risk becomes a higher threat… in case of data breach…. Security measures adequate or not?
- 11. www.dlapiper.com 11Insert date with ‘Firm Tools > Change Presentation’ Agenda 1.Timing, scope and importance of the GDPR for IoT technologies 2.What changes for Internet of Things technologies 3.What to do to be ready in 2018 4.How DLA Piper can help you
- 12. www.dlapiper.com 12Insert date with ‘Firm Tools > Change Presentation’ You can still collect data…
- 13. www.dlapiper.com 13Insert date with ‘Firm Tools > Change Presentation’ The IoT needs to grow, so what to change in your products and organization?
- 14. www.dlapiper.com 14Insert date with ‘Firm Tools > Change Presentation’ Is your customer's profile portable? old car new car profile
- 15. www.dlapiper.com 15Insert date with ‘Firm Tools > Change Presentation’ Transfering of data outside the EEA Same rules but…
- 16. www.dlapiper.com 16Insert date with ‘Firm Tools > Change Presentation’ Are you going to be certified? Where is the burden of the privacy certification going to stand?
- 17. www.dlapiper.com 17Insert date with ‘Firm Tools > Change Presentation’ Agenda 1.Timing, scope and importance of the GDPR for IoT technologies 2.What changes for Internet of Things technologies 3.What to do to be ready in 2018 4.How DLA Piper can help you
- 18. www.dlapiper.com 18Insert date with ‘Firm Tools > Change Presentation’ 1. Mapping the data that is currently processed within the group and assessing whether all data processing is necessary 2. Assessing how data is processed by the company and the technical infrastructure – review of internal policies (if any) – review of technical functioning of IoT products/services 1. Deleting data that is not necessary and represents only a potential risk 2. Reviewing the current data processing agreements What is on your immediate to do list? What to do to be ready in 2018 > To do list
- 19. www.dlapiper.com 19Insert date with ‘Firm Tools > Change Presentation’ 5. Assessing whether the current group structure is privacy efficient under the one-stop shop rule 6. Appointing a data protection officer (or outsourcing it to a third party) 7. Planning the implementation of 1. Internal policies 2. Privacy impact assessment 3. Privacy by design and privacy by default 4. Security by design What is on your immediate to do list? (ii) What to do to be ready in 2018 > To do list
- 20. www.dlapiper.com 20Insert date with ‘Firm Tools > Change Presentation’ Agenda 1.Timing, scope and importance of the GDPR for gambling companies 2.What changes for gambling companies 3.What to do to be ready in 2018 4.How DLA Piper can help you
- 21. www.dlapiper.com 21Insert date with ‘Firm Tools > Change Presentation’ How DLA Piper can help you > DLA Piper GDPR Compliance Methodology GDPR Impact Assessment: Tailored assessment of the relevance of the GDPR provisions Gap Analysis: Analysis of the actual level of compliance Internal evaluation and prioritization: Determining risk appetite of the company and action plan Implementation: During this phase, the action points identified in the action plan during Module 3 will be implemented. This should consequently result in taking the necessary measures to achieve compliance with GDPR requirements Consolidation of Compliance: Avoiding GDPR infringements (internal and external documentation)
- 22. www.dlapiper.com 22Insert date with ‘Firm Tools > Change Presentation’ How DLA Piper can help you > DLA Piper standard privacy tools
- 23. www.dlapiper.com 23Insert date with ‘Firm Tools > Change Presentation’ Access our Data Protection Laws of the World Handbook at www.dlapiperdataprotection.com How DLA Piper can help you > Stay informed
- 24. www.dlapiper.com 24Insert date with ‘Firm Tools > Change Presentation’ Questions? Giulio Coraggio DLA Piper, Italy (Giulio.Coraggio@dlapiper.com) Antoon Dierick DLA Piper, Belgium (Antoon.Dierick@dlapiper.com)
Editor's Notes
- #2: who starts speaking?
- #3: Giulio
- #4: Giulio
- #5: Giulio
- #6: Giulio
- #7: Giulio One stop shop -
- #8: Giulio
- #9: Antoon
- #10: Antoon
- #11: Antoon
- #12: Giulio
- #13: Giulio
- #14: Giulio
- #15: Antoon
- #16: Antoon
- #17: Antoon
- #18: Giulio
- #19: Giulio
- #20: Giulio
- #21: Giulio
- #22: Giulio
- #23: Giulio
- #24: Giulio
- #25: Giulio