Will IoT Chain (ITC) serve as a solution for the upcoming EU General Data Protection Regulation (GDPR)?

This Medium article provides readers with information about the EU GDPR and about the benefits and solutions that ITC can provide for several GDPR requirements.

Reports of privacy breaches are now common, and the associated privacy fines and penalties continue to increase. There are many projects and ICOs, but which of them can help organizations comply with the upcoming EU GDPR?

1. The EU General Data Protection Regulation (GDPR)

The EU GDPR replaces the Data Protection Directive 95/46/EC that has been in force since 1995. The GDPR is designed to harmonize personal data protection laws that provide privacy protections across the European Union and reshape the way enterprises approach data privacy. Every enterprise that has the personal data of an individual who is located in the EU needs to be in compliance with the GDPR by 25 May 2018. If an enterprise is not in compliance when a GDPR supervisory authority conducts an audit, the enterprise faces large penalties, up to €20 million, or up to four percent of the enterprise’s total worldwide annual revenue for the preceding financial year, whichever is greater.



The GDPR contains more requirements than the EU Data Protection Directive 95/46/EC and is not limited to the European Union; its applicability has a global impact. When the GDPR goes into effect, all enterprises that have any type of personal information within EU countries need to comply with the hundreds of associated requirements within the 99 articles. Hundreds of millions of enterprises worldwide need to be in compliance with the GDPR by the 2018 deadline or face severe penalties. If enterprises have not begun work to meet all compliance requirements, they must start now.



The GDPR is applicable to most large enterprises and to a significant portion of small-to-midsized enterprises. Therefore, it is imperative that practitioners and organizations understand the GDPR requirements, or find a way to comply with the upcoming EU GDPR. ITC can serve as a solution for several GDPR requirements that are applicable to enterprises.

2. ITC and specific GDPR principles

2.1 SECURITY SAFEGUARDS PRINCIPLE



Data controllers/data processors are generally required to ensure that appropriate security safeguards are in place for all information throughout the enterprise and the entire information life cycle, in any location where it is processed.



ITC will return data sovereignty to users; the main chain will serve to manage data and the transfer of information. From a technical standpoint, ITC combines asymmetric cryptography and a distributed structure to store information without a data center. This not only solves equipment security problems but also protects device and user data, sovereignty, and privacy. This will help practitioners to Hackers would not be able to maliciously control equipment, giving users the confidence that only they have access to their smart devices. Data controllers/data processors can ensure appropriate security safeguards by making use of this main chain.

2.2 LEGITIMATE PURPOSE SPECIFICATION AND USE LIMITATION PRINCIPLE

This generally requires that data controllers/data processors clearly describe to data subjects and data protection authorities, as appropriate, the purposes for collecting information and then limit information processing to only those purposes.

Business data is largely provided by consumers, and the ITC team will return data sovereignty to users. By giving control of data back to users, it becomes even more meaningful and valuable. This will help enterprises to be compliant with the articles and regulations related to purpose specification and limitation principles. In order to return the value back to users, the team explains that data ownership will be secured on the blockchain. As people use more and more connected devices, large amounts of data will be generated. Companies and platforms such as search engines, social networks, and online retailers need access to this data to make better business decisions and train artificial intelligence. These platforms can utilize data on IoT Chain’s network, but they first need to obtain user consent. They also need to identify what value is created by their use of the data, and provide a percentage as payment back to the user. Because this project will give data sovereignty back to its users, organizations will automatically be restricted to purpose specifications and limitation principles.

2.3 SECURITY AND PRIVACY BY DESIGN PRINCIPLE

Data controllers/data processors are generally required to document the enterprise privacy philosophy and its supporting policies and procedures by which the enterprise performs business activities with built-in security and privacy protections.



IoT Chain will resolve the problems of equipment safety and data security, which will help data controllers/data processors to build in security and privacy protections. The ITC team believes that security is a game of cost. At a certain point, hackers will give up if the cost is too high. The reason why hackers love traditional Internet systems is that control is often centralized in a single server or cluster. Thus, hackers only need to gain control of one or a few servers to impact a large number of connected services, which is relatively inexpensive. Blockchain technology can solve this problem. People often associate blockchain with decentralization. Removing centralized points of control helps secure connected equipment. For example, a user who owns a connected camera can authorize access to a specific set of mobile phones. Due to the nature of the blockchain, control of the camera is not placed in the hands of a single server. Hacking a single node would not provide control of the camera; hackers would need to gain significant control of the network, which would be incredibly difficult and expensive. This means of decentralization acts as a strong deterrent for bad actors and increases the security of the online environment. This will help data controllers/data processors to set policies and procedures for security and privacy.



2.4 CHOICE AND CONSENT PRINCIPLE

When data controllers/data processors collect personal information from data subjects, the data controllers/data processors should describe choices that are available to the data subjects and obtain appropriate consents, in ways appropriate to the context of each situation.

To be in compliance with the GDPR, organizations can use the IoT Chain architecture to establish a clear data structure within the organization. The IoT Chain architecture provides a safe environment for a data economy. Currently, IoT Chain is returning value back to users using a C2B2B model. After obtaining user authorization, data service providers will receive access to the data. At this point the user will know the choices that are available to data subjects; this is one of the important regulations within the upcoming EU GDPR. They will then cooperate with companies that have a need for that data. These companies will transfer a portion of the value generated by its use back to the service providers, who in turn pay users as per agreed-upon contracts. Data can be classified by security and sensitivity. For insensitive data, the service providers can work with users to help create value. They are developing semi-homomorphic encryption among other technologies to help ensure secure data management. This will help practitioners within the IoT market to be in compliance with the upcoming EU GDPR.