A smart home is a house equipped with connected components such as lighting, heating, and electronic devices that can be controlled remotely by phone or computer. In order for all these systems to work effectively, they must be connected to one another on the same wireless network. This is known as Machine to Machine connection or M2M connectivity. With huge market growth projected for the smart home market, the market for M2M connections is expected to grow simultaneously. By the year 2020, the U.S. M2M connections market is projected to be worth $7,262.76 million.* By 2021, the number of total M2M connections is expected to be 3.3 billion worldwide.**
With such a high increase in M2M connections in the future, there will also be a high increase in the amount of data that is exchanged between them. A large amount of user data is continually collected and stored online for research and consumer engagement. From profiles to preferences, to user engagement habits, personal user data lives online and is vulnerable to intrusions. Sensitive information such as IP addresses, patient numbers, and client numbers need to be properly safeguarded to prevent serious consequences.
Smart devices within a smart atmosphere generate massive amounts of personal data as well. These devices, especially within a connected home, typically contain very intimate data. This includes private data such as online payment information, credit card numbers, private family information, and more. With smart home and M2M markets growing at such a high rate, it is imperative that personal data is protected. Thus, data privacy is critical for manufacturers to consider when designing wireless devices.
Released in May 2018, the General Data Protection Regulation (GDPR) has tightened up the regulations around keeping personal data safe. Under the GDPR, the definition of personal data has been expanded, which is very good news for the consumer. The wider the scope on what personal data is, the more it will be protected. For companies to define whether their devices or business collects personal data, they must ask themselves the following questions:
- Can a living individual be identified from the data or from the data that is likely to come into your possession?
- Does the data ‘relate to’ the identifiable living individual, whether in personal or family life, business or profession?
- Is the data ‘obviously about’ a particular individual?
- Is the data ‘linked to’ an individual so that it provides particular information about that individual?
- Is the data used, or is it to be used, to inform or influence actions or decisions affecting an identifiable individual?
- Does the data have any biographical significance in relation to the individual? Does the data focus on the individual as its central theme rather than on some other person, or some object, transaction, or event?
- Does the data impact or have the potential to impact an individual, whether in a personal, family, business or professional capacity?
If device manufacturers or companies are aware that they will be collecting personal information, it is important that they take the necessary steps to protect it through the use of cyber security. In doing so, they must comply with all GDPR regulations for protecting data. Companies failing to comply with the GDPR can face major financial penalties, legal issues, reputation damage, and loss of shareholder value.
For more information, speak with our experts: