GDPR Privacy Implications for the Internet of Things

Author (ESR): 
Daniel Bastos (British Telecommunications Public Limited Company)
Daniel Bastos (ESR11)
Fabio Giubilo (ESR9)
Mark Shackleton
Fadi El-Moussa

Starting on May 25th, 2018, all EU countries begin to apply the General Data Protection Regulation (GDPR). The regulation aims to protect and regulate data privacy and applies to any organization that holds or processes data on EU citizens, regardless of where it is headquartered. The penalties for non-compliance can be as high as 4% of global revenue for companies. As a result, compliance with GDPR is a must for companies that deal with users' data. Internet of Things (IoT) devices are the hallmark of data collection nowadays. With sensors capturing every piece of information from the surrounding environment, concerns about privacy and data breaches have never been so vital. This document introduces GDPR concepts and principles, analyses the challenges of data protection in IoT systems, discusses the privacy implications and potential issues, presents some mitigation approaches, and draws conclusions and outlines future steps.

Savoy Place, IET, London, UK
Tuesday, December 4, 2018