GDPR’s role in delivering a smarter, safer world

Steven Kenny

A refreshed approach to cybersecurity has been a long time coming. Use of Internet of Things (IoT) devices, those that can connect and share data with each other in real-time, is growing exponentially and are being utilised in everything from industrial processes through to consumer devices. However, as these devices and systems have become more sophisticated, the volume of data they hold has grown.

The rise of the IoT, supplemented by a shortage in cybersecurity skills; a lack of consideration for security throughout supply chains; and siloed communications, had led to a worrying rise in data breaches and successful cyber-attacks. The arrival of the General Data Protection Regulation (GDPR) earlier in 2018 was a much-needed response to an ever-changing technological threat-landscape, and has dramatically altered how businesses view cybersecurity and data protection.

How GDPR is helping businesses improve cybersecurity

Until the GDPR’s implementation, very little or no consideration had been taken around the privacy and security of such devices. However, the regulation’s arrival specifies that all data gathered via IoT technologies must now be securely managed. As organisations scrambled to ensure they are GDPR compliant, the issues and challenges around security have now been pushed to the forefront of consumers and businesses’ minds.

Although the introduction of the GPDR was a taxing time for many, it has already produced positive results, opening lines of communication across supply chains, improving education around cybersecurity and accelerating growth in security and data protection measures. Compliance is now being viewed as a tool for companies to give its public reassurance that their personal data is safe, instead of being considered as a burden, or a box-ticking exercise.

Data protection by design and default

Any organisation implementing large scale IoT projects that generates or manages personal data, or PII, must comply with GDPR. This means data protection from the outset of a project, by design and default, must be a top consideration. A truly secure service or solution can only be accomplished if security has been analysed at every stage of a project – from development through to deployment. The key is to ensure ‘security by design’, where everyone involved understands the security implications of a breach and how to prevent one, as well as how to react if the worst does occur.

Good security must be all-inclusive, as the best cybersecurity solution will be worthless if those that use it aren’t properly trained. Therefore, it’s imperative that data processors and controllers are aware of their responsibilities and that all staff are well educated, helping to create a culture of cybersecurity. But companies shouldn’t just look inwards. Collaboration with system vendors, integrators and installers is also hugely important. Conversations need to take place across the supply chain throughout a project to ensure needs are understood and security risks managed.

As a provider of smart, IP-enabled security devices, Axis strives to help businesses navigate the ever-changing world of cybersecurity through its expert knowledge, developing a number of tools to guide the way. This includes the sponsorship of the whitepaper ‘Smart GDPR assurance for a smarter world’, which discusses stakeholder roles in achieving data protection and security by design in smart, IoT-focused projects.

Together we can builder a smarter, safer world, and those complying with the GDPR will become more competitive through the extra value they add to existing services.

Download the Smart GDPR assurance for a smarter world whitepaper here