DEMONSTRATING GDPR AND DATA PROTECTION COMPLIANCE OF IoT
Personal data protection is a fundamental right. However, many companies routinely collect a growing amount of personal data on EU residents and trade it as a commodity. The General Data Protection Regulation (GDPR) has been adopted to better protect personal data and data subjects’ rights. The strong penalties of the GDPR now constitute a strong incentive and catalyst for making data processing comply with the regulation.
Several solutions are emerging from research to support and demonstrate the compliance of IoT-related data processing with the GDPR and other data protection regulations. The session will present some solutions emerging from the research community and discuss some of the challenges related to IoT compliance, including certification.
For instance, universal certification schemes are cost-efficient but tend to ignore technology-specific requirements. On the other hand, specialized certification schemes are often inadequate for certifying data processing that is increasingly complex by nature and combines diverse technologies in a single data processing operation, such as Internet of Artificial intelligence, blockchain.
The session will draw on examples from research, such as Europrivacy and DP-ID, to see how they addressed such challenges. Europrivacy is an innovative certification scheme developed in the H2020 European Research Programme for assessing and certifying the GDPR compliance of data processing activities, with the support of technological enablers. It has been designed to deliver reliable, cost-efficient, and comprehensive certifications of a wide scope of data processing across industries, including processing that involves emerging technologies, such as Artificial Intelligence or blockchain.
The session will introduce the challenges faced by organizations following the adoption of the GDPR and draw on the current state-of-the-art solutions for demonstrating and potentially certifying GDPR compliance.