Thursday, December 12, 2019

10 Ways GDPR Will Affect Engineers Part Two

Part 1 looked at some of the challenges GDPR poses to engineering and manufacturing companies that design and produce smart devices. This part of the story takes a closer look at the impact GDPR has on the Internet of Things, smart cities, and security.

4) Smart Devices Might Have to Be Less Smart

Smart devices, especially those used in the home, could amass huge amounts of personal data without identifying individuals. But the data could make an individual almost identifiable or build a comprehensive picture of what a person's home life is like.

The key challenge with this will be assessing the extent to which this information is personal data and then ensuring that the appropriate safeguards are in place in relation to it, the lawyers say.

University of Edinburgh is one of 14 universities in the UK selected to lead cyber security research. Image: University of Edinburgh

When making hardware and software changes in engineering projects, ask these questions: Is the personal data kept secure? How can you provide transparent information to individuals? What is the personal data being used for, and do you have a legal basis for each use?

These are all questions GDPR requires organizations to ask and answer when personal data is collected.

5) Plugging Security Holes, Especially in IoT

Multiple security steps need to be taken to mitigate risk, especially with IoT systems deployed in critical infrastructure and industrial systems. Security assessments need to be conducted, and it's important to understand who is responsible for managing risks in automation and IoT.

Given the poor state of IoT security, if data breaches occur, worker personal data could also be implicated.
The quick data breach notification requirements in GDPR to report within 72 hours to authorities may pose practical strains for assessing the scale, nature and impact of breaches for distributed, interdependent systems, says the University of Edinburgh's Lachlan Urquhart, a lecturer in technology law.

Risk can be mitigated by managing data (often user information) effectively across supply chains and manufactured products. Also, budget to patch and manage legacy IoT systems and networks of devices like PLCs that may be vulnerable to hacks.

6) Smart City Challenges

IoT is key in smart cities, but GDPR challenges could emerge. Lines could blur between consent and the right to be forgotten in smart cities where devices track movement, or in retail spaces or intelligent public displays where advertisements are delivered to consumers.

User interactions with devices may be transient as they walk past, so data management needs to reflect this, Urquhart says. Implementing the right to be forgotten could be one challenge, but a bigger one is the legal basis for collecting data in the first place.

Explicit consent is needed when more sensitive data like biometrics or health information is collected. Redesigning consent mechanisms for public space IoT may involve finding creative ways to use affordances of smart technologies to communicate with users, for example, gesture recognition or even using icons, as GDPR suggests, Urquhart says.

7) Data Portability

A lot of personal data is stored in the cloud, but users have limited access to it. GDPR has fangs for users to have more control over that data. An interesting design challenge in GDPR is related to implementing the right to data portability for IoT.

Under GDPR, users have a right to receive their data from a data controller in a structured, commonly used, interoperable, machine readable format, much like how Facebook provides an archive of personal data to users, for transmission to another controller.
Users can decide how the other controller uses the data.

In response, personal information management systems can help, as users decide who can access data, why, and for how long, Urquhart says. New edge computing architectures are emerging where privacy engineers prioritise usability and user rights.

One project called Databox brings analysis to the local data, as opposed to centralizing it in the cloud. It was built with GDPR compliance in mind, and addresses concerns like accountability of data processing to users and reducing the need for international data transfer.

8) Think Beyond Borders

The GDPR regulation doesn't apply to countries outside the EU. But if a U.S. company wants to engage EU customers, it needs to think carefully about capturing personal data and device design. Companies like Siemens and Starfish Medical have policies in place to apply GDPR on a worldwide basis. Customizing specialized devices for individual markets can be an expensive proposition.

9) Train Employees in GDPR

Every employee needs to be aware of how to handle personal data and the policies and procedures to ensure compliance with GDPR's accountability principle.

An organization's employees are really the key to ensuring ongoing compliance, so their training and engagement is of paramount importance, the lawyers at Womble Bond Dickinson say.

10) Pathway for New Technologies

GDPR could pave a path for implementation of new technologies like Blockchain so that users get a full view of how their data is being used. This can be tied into other Blockchain-driven systems implemented by companies like Syncfab that are putting idle factories to work.
