How IoT security issues can be addressed with GDPR

Date: 2018/11/07
Source: William Pao, a&s International
Needless to say, more and more end users are now relying on IoT and the data it generates to enhance efficiency and business intelligence. But at the same time, how to manage and secure that data has become a major challenge. In this regard, GDPR, the General Data Protection Regulation recently implemented in Europe, can help address IoT security issues.
 
That was the point raised by Axis Communications in a recent blog post titled “GDPR’s role in delivering a smarter, safer world.”
 
The Internet of Things has become more and more prevalent these days and has applications in various segments, from smart cities to smart buildings to logistics. However, with the rise of IoT and the data generated by connected devices, managing this data properly becomes key.
 
“Use of Internet of Things (IoT) devices is growing exponentially. However, as these devices and systems have become more sophisticated, the volume of data they hold has grown,” the blog post said. “The rise of the IoT, supplemented by a shortage in cybersecurity skills, a lack of consideration for security throughout supply chains, and siloed communications had led to a worrying rise in data breaches and successful cyberattacks.”
 
According to the post, this is where users can be assisted by GDPR, which was approved by the EU Parliament in 2016 and enforced on May 25 this year. According to the web portal eugdpr.org, the directive is designed to harmonize data privacy laws across Europe, protect and empower all EU citizens’ data privacy, and reshape the way organizations across the region approach data privacy.
 
“The arrival of GDPR was a much-needed response to an ever-changing technological threat-landscape, and has dramatically altered how businesses view cybersecurity and data protection,” the Axis post said.
 

Improving cybersecurity

 
So exactly how does GDPR help improve cybersecurity? For starters, it has certainly raised user awareness on the issue of data security.
 
“The regulation’s arrival specifies that all data gathered via IoT technologies must now be securely managed. As organizations scrambled to ensure they are GDPR compliant, the issues and challenges around security have now been pushed to the forefront of consumers and businesses’ minds,” the post said.
 
Meanwhile, the concept of “security by design and default” will now take hold more firmly, as companies seeking to be GDPR-compliant must keep data security in mind throughout the entire project implementation process.
 
“A truly secure service or solution can only be accomplished if security has been analyzed at every stage of a project – from development through to deployment. The key is to ensure ‘security by design,’ where everyone involved understands the security implications of a breach and how to prevent one, as well as how to react if the worst does occur,” the post said.
 
According to the post, ensuring GDPR compliance is a collaborative effort, both internally within an organization and externally with other parties. “Good security must be all-inclusive, as the best cybersecurity solution will be worthless if those that use it aren’t properly trained. Therefore, it’s imperative that data processors and controllers are aware of their responsibilities and that all staff are well educated, helping to create a culture of cybersecurity. But companies shouldn’t just look inwards. Collaboration with system vendors, integrators and installers is also hugely important. Conversations need to take place across the supply chain throughout a project to ensure needs are understood and security risks managed,” it said.
 
It goes without saying that GDPR has placed huge burdens on end-user entities as they took classes and consulted experts on how to become compliant. But in the end it’s all worth it, the post said. “Although the introduction of the GDPR was a taxing time for many, it has already produced positive results, opening lines of communication across supply chains, improving education around cybersecurity and accelerating growth in security and data protection measures,” it said.