TUV Rheinland: Data Protection with IoT Data Privacy Certificates
COLOGNE, Germany, Nov. 21, 2017 /PRNewswire/InfoQuest
TUV Rheinland’s Global Competence Center for IoT Privacy has announced a new package of services addressing the end-to-end data protection requirements in the rapidly growing Internet of Things (IoT) market. By providing first-of-a-kind protected privacy certificates, it is uniquely positioned with a differentiated set of capabilities. The solution is focused on providing a product and a service certificate which the product manufacturers and system providers can use to demonstrate that they have been audited in accordance with the requirements of the EU GDPR.
New Rules for IoT Devices
The provisions of the EU GDPR, which also include new legal requirements for data protection in product development (privacy by design), must be implemented by May 25, 2018, following a two-year transitional period. Otherwise, substantial fines and penalties may apply. The EU GDPR applies to manufacturers and suppliers of products that are connected to the Internet and communicate independently over the Internet (known as IoT products), with the stipulation that these products process or store personal data. As an example, this may include a number of smart home products, connected smart toys, or wearable health products like fitness armbands.
Clarity on Data Protection and Data Security Requirements
“The market for IoT devices is growing at a rapid rate. At the same time, there is a lot of consumer uncertainty surrounding data protection and data security for these devices, which poses a genuine market barrier to manufacturers and system suppliers. Our certificates establish trust in the IoT market for consumers and manufacturers alike,” explains Udo Scalla, Head of Global Competence Center IoT Privacy at TUV Rheinland.
To obtain a Protected Privacy IoT Product certificate, an IoT product has to be fully assessed for privacy requirements. “Our assessment focuses on characteristics that are designed to protect privacy and investigates whether, for example, an existing data memory can be deleted and whether data transmission is encrypted. We can test as many as 50 individual requirements, depending on the complexity of the device. These are all derived from the EU GDPR,” explains Gunter Martin, Solutions Director at TUV Rheinland’s Global Competence Center for IoT Privacy.
The assessment required to obtain a Protected Privacy IoT Service certificate is aimed at the service, interface or application (i.e. Web Service) that is connected to a particular IoT device. To enable a device to be managed via an application, data is transferred to and processed by the service provider. “For the service certificates, we test a total of 26 categories of requirements. Some of them are very complex and go right up to a penetration test designed to identify security vulnerabilities,” adds TUV Rheinland expert Mr. Martin.
IoT Privacy Complete Solution
TUV Rheinland’s Global Competence Center for IoT Privacy offers individual support on all topics related to protected privacy. “We show worldwide product manufacturers and system suppliers specific ways in which they can start reducing data collection to a defined minimum, and in doing so, strengthen their customers’ trust in IoT products,” states Udo Scalla from TUV Rheinland. The Global Competence Center is just one part of the international testing and consulting services offered by the diverse data protection portfolio of TUV Rheinland. The core aspects of the portfolio include certification for data protection and data security of online applications as well as testing and certification of data protection management for a wide range of companies, including certifications offered to health insurance companies and service providers. Further services include sustainable data protection management in line with the EU GDPR, the appointment of external data protection officers (DPOs) and the installation of enhanced IT security management and threat detection systems.
About the business stream ICT & Business Solutions
The business stream’s core business areas include IT services and cyber security, telecommunications solutions and HR services, management consulting, data center services and R&D management. With more than 600 specialists around the world, ICT & Business Solutions provides strategic consulting, design and process optimization through implementation, operation and certification of systems.
For more information, visit www.tuv.com/en/iot-privacy.
TUV Rheinland is a global leader in independent inspection services, founded 145 years ago. The group employs 19,700 people around the globe. Annual revenue is more than EUR1.9 billion. The independent experts stand for quality and safety for people, technology and the environment in nearly all industrial sectors and areas of life. TUV Rheinland inspects technical equipment, products and services, and oversees projects, processes and information security for companies. Its experts train people in a wide range of careers and industries. To this end, the company operates a global network of approved labs and testing and education centers. Since 2006, TUV Rheinland has been a member of the United Nations Global Compact to promote sustainability and combat corruption. Website: www.tuv.com