What's Next in The Increasingly Complex World of GDPR: Implications for IoT at IT Expo


This week at IT Expo in Ft. Lauderdale, Florida, one of the hottest topics was compliance with privacy legislation, including the General Data Protection Regulation (GDPR), a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU).

GDPR will have their first anniversary this year on May 25, and industry observers are closely watching for changes to the legislation, or more to the point – more emphasis on compliance.

“Now that GDPR has gone into effect, how have the new rules impacted businesses and customers and what should you expect to see going forward with regards to data privacy and security?” asked Akshay Sharma, industry analyst and principal at neXt Curve. “What new requirements may be coming? How many applications will regulations apply to?”

Sharma was joined by Karan Zaveri, CTO of 24/7 Software, and Ron Romanchik, Chief Revenue Officer for Call Cabinet, as they explored a number of interesting use cases where private personal information is shared.

Zaveri kicked off the discussion sharing insights about the intersection of physical security and digital data collection, citing the many ways in which consumer information is collected as part of applications in sports arenas and other public venues.

“We collect a lot of personal information at football games, for example,” Zaveri said. “This includes data associated with problems at the stadium, for example, fans who may drink too much alcohol and may be arrested by law enforcement.”

Zaveri cautioned that as more and more businesses grapple with GDPR, which 24/7 Software did when they were selected to provide services for large events in Europe last year, it’s important to be clear on what GDPR compliance really looks like. “GDPR can impact the entire organization – it matters across training, applications, and services. It’s important to define how organizations are collecting this data, and who is the controller and who is the processor. There are certain things you have to do as a controller and processor, and this needs to be worked out between customers and their providers.”

Sharma and Zaveri also discussed the right of individuals to prevent the collection of their data or to have their data forgotten. “It has to be very clear, on every website, what data may be collected. For smaller companies, data protection officers are not required, but larger companies and enterprises, it’s important to consider putting data protection officers in place, experts in GDPR and other regulations.”

Romanchik spoke about call recording, which generates an increasing amount of data through voice calls, which are still the most popular channel for engagement between businesses and their customers, even as multi-channel contact centers and other communications applications grow.  CallCabinet provides solutions for all call recording needs to support global regulatory compliance with various regulations.

“Recorded calls are considered data, and we’re constantly looking at how GDPR applies to that,” Romanchik said. “GDPR also covers text messaging and even screenshots, and GDPR is going to apply to all information captured, stored and analyzed.”

Romanchik said while GDPR is the most talked about legislation, the new California privacy act, and legislation happening in Australia are coming up. “With Canada following many of Europe’s initiatives, we’re going to see more coming out of Canada this year.”

Compliance is driving an industry of over $200 billion in consulting and services, including Sarbannes Oxley (SOX), PCI, HIPAA and more. Romanchik expects this to continue to grow as we continue to collect more and more data, and analyze it, including using AI to generate additional business value.

Romanchik pointed out that GDPR not only effects the EU but the entire world, as it applies to any business anywhere that interacts with EU citizens and pointed out that $321 BILLION in fines have been levied since 2008, well before GDPR went into existence.

“The world’s most valuable resource is no longer oil,” Romanchik said, “but rather data.”

When it comes to impacts of GDPR in this new year, the panel shared these trends:

  • States across the US are starting to strengthen their own data processing laws in ways that reflect the approach of GDPR
  • These laws will require companies to disclose the type of data they collect, who it is shared with and how it is stored
  • These laws will also require that consumers can easily opt out of data being stored, sold or shared
  • Companies like Google, Facebook and other dot-coms located in Silicon Valley will continue to invest in increasing privacy protections; this includes Apple who announced this week a flaw in their popular Facetime app (which was allowing those initiating group video calls to be able to listen in before the call was picked up)

The panel made several recommendations to companies building their GDPR and other compliance strategies:

  • Make sure your consent protocol is crystal clear to inbound visitors (online and calls)
  • Wear your compliance as a badge of honor
  • Focus more on your existing customers
  • Determine which elements consumers deem to be a worthy exchange for their personal data
  • If a consumer reaches out with a data erasure or change request, make it a positive impression and use it as a competitive advantage for your company

Sharma concluded the session with a discussion on AI and how analytics will be applied to interactions (voice, text, bots, personal assistants like Alexa, and more), and how increasingly popular platforms for telemedicine and capture of medical data from wearables need to consider privacy from the ground up. 

Arti Loftus is an experienced Information Technology specialist with a demonstrated history of working in the research, writing, and editing industry with many published articles under her belt.

Edited by Ken Briodagh

Special Correspondent

Related Articles

IoT Security: Still a Problem

By: Gary Audin    11/30/2021

Poor IoT device security stems results from manufacturers' goal to keep price points low. Security is considered an unnecessary overhead. The limited …

Read More

BrainChip Announces Partnership With MegaChips

By: Luke Bellos    11/26/2021

BrainChip Holdings and MegaChips announced a new business partnership, allowing MegaChips developers to utilize the Akida processing platform to devel…

Read More

Pandemic Puts Industry 4.0 in Perspective

By: Maurice Nagle    11/22/2021

Industry 4.0 is no longer a point on a compass, or a catchy buzzword, analysts inflate. It is taking flight on wireless technology. Richardson RFPD, A…

Read More

Twinning and Winning: Two Experts Duke Out the Definitions and Potential of Digital Twin Technology

By: Matthew Vulpis    11/19/2021

Last week, two top experts in the field virtually came face-to-face in the "Digital Twin SMACKDOWN" in the first episode of ZEDEDA's Transform Digest …

Read More

FAA Warning Triggers 5G Delays for AT&T and Verizon

By: Maurice Nagle    11/4/2021

Today, Verizon and AT&T announced delays in rolling out 5G services, based on warnings from the FAA of aircraft interference.

Read More