IOT and GDPR: Allies or Adversaries?

As the GDPR enforcement date draws closer, every business leader has the same question-does GDPR spell doom for the connected devices? With data being the mainstay of today’s digital economy, the consequences of GDPR will be far-reaching.


Internet of Things is a modern development that requires, thrives, and evolves on data. As their demand is exceeding, it is estimated that there will be 20 billion devices by 2020. Through this, the GDPR compliance will become difficult. However, GDPR can intervene in the growth of connected devices and set back the technological advancement by years.

The Challenges Involved

Ensuring Security

IoT security is at best a work-in-progress. GDPR is all about securing personal data. The gap will arise a question, that how come IoT businesses can be a part of changing the regulatory environment. But, GDPR does not ask companies to pinpoint the security measures they use. For instance, multi-factor authentication is an acceptable security measure. Therefore, companies will choose secure methods to align with their systems, risk appetite, and financial position.

Consent or No Consent

GDPR requires that users must provide their explicit content for companies so that they can use their data. It does not accept inactivity as consent. There is not much clarity on how IoT is going to accomplish this requirement. User consent is the best way to start before they start using devices. But, IoT devices contain huge data, so its a duty of a data collector to consider all kinds of scenarios, in which the consent might be required. Since kids under the age of 13 can anyway not give specific content, this poses another operational problem.

Data Location

GDPR has given users full rights to beware that how a company is dealing with their data. Dealing includes, how are they accessing, managing and storing the information. But, due to IoT, multiple devices are working simultaneously, it becomes challenging for a data collector to precisely know the location and the usage details.

Companies have to make sure that they go back to the drawing board and understand all the possible scenarios where data collection and sharing occurs. The good news is that under IoT and GDPR if a user places a request, companies have a month to reply to the query.

The Way Forward

IoT is a part of our everyday life, and it is gaining increasing relevance by the day. The GDPR can slow down the performance of companies in this space. But, in the long run, these privacy laws offer an opportunity rather than an impediment. As the stakes of data breaches and misuse rise, these laws offer new opportunities for legitimate companies to improve their security protocols. This way, a user will find himself secure with an organization, which will take care of its privacy. It will automatically enhance his service experience and gratification. Any up gradation requires a change in the status quo and complying with GDPR is that change.

Will this change gives birth to a more secure, user-controlled internet or will it prove to be detrimental to the evolution of technology, only time will tell?

Don’t Risk €20 Million in Fines
—Ensure Compliance Today

Worth €30/Month