TUV Rheinland: Need for action in the implementation of the EU GDPR

Press Release

Demand for data minimization / Security in the digital world with “Trust IoT – from start to finish” as end-to-end solution / More information at www.tuv.com/en/trustiot

COLOGNE, Germany, May 29, 2019 /PRNewswire/ — Since May 25th, 2018, all companies operating in the European Union have to implement the European General Data Protection Regulation (EU GDPR). Among others, the regulation affects manufacturers and suppliers of products that are connected to the internet and that communicate independently via the internet. Now, users of so-called IoT products are in a better position than before to take action against misuse or mishandling of their personal data. According to the experts at TUV Rheinland’s “Center of Excellence (CoE) IoT Privacy”, in which the globally active testing service provider bundles its IoT testing activities for data protection and data security, there is still a need for action in implementing the EU GDPR.

“While providers and users are naturally moving in the same direction when it comes to data security and both sides want to avoid hacker attacks, there is a conflict of interest when it comes to data protection. Providers want to know as much as possible about their customers and users want to protect their privacy,” explains Gunter Martin, Chief Technology Officer at the CoE IoT Privacy at TUV Rheinland.

The EU GDPR, for example, provides for data minimization: Personal data must be limited to what is necessary for the purposes of processing. “This demand for data minimization should already be taken into account in the product design. Technically, the device should only be able to supply data that is needed for the agreed purpose and that cannot be collected by other means. Our practice shows that there is still a lot of catching-up to do on the part of the manufacturers,” Martin continues. The same also applies to password security, encryption and update processes. Gunter Martin is particularly critical with regard to the EU GDPR with regard to the data protection declarations used in some cases. “According to the EU GDPR, the processing of personal data is always subject to a purpose limitation. However, consents are often formulated too comprehensively and allow data to be used for purposes that have nothing to do with the actual application,” says Gunter Martin.

Security in the digital world: “Trust IoT – from start to finish” as an end-to-end solution

Data protection and trustworthiness of digital systems as well as smart products are crucial for innovation and trust in manufacturers and vendors. “Our services as an independent qualified body can contribute to making digital services and smart products more secure. With our tests of consumer data protection we can create market comparison opportunities that strengthen confidence in manufacturers and at the same time stand for security in the digital world,” says TUV Rheinland expert Gunter Martin.

Since 2017, TUV Rheinland’s CoE IoT Privacy has been globally offering a service package that meets the requirements of end-to-end data protection in the fast-growing Internet of Things market. The portfolio includes two innovative data protection certificates. In addition, TUV Rheinland’s “Trust IoT – from Start to Finish” end-to-end solution service can also help manufacturers and system providers meet all professional requirements in terms of compliance, interoperability, functional security, and IT security.

Further information can be found at www.tuv.com/en/iot-privacy

TUV Rheinland is a global leader in independent inspection services, founded nearly 150 years ago. The group maintains a worldwide presence of more than 20,000 people; annual turnover is EUR 2 billion. The independent experts stand for quality and safety for people, technology and the environment in nearly all aspects of life. TUV Rheinland inspects technical equipment, products and services, oversees projects, and helps to shape processes and information security for companies. Its experts train people in a wide range of careers and industries. To this end, TUV Rheinland employs a global network of approved labs, testing and education centers. Since 2006, TUV Rheinland has been a member of the United Nations Global Compact to promote sustainability and combat corruption. Website: www.tuv.com