GDPR Compliance and IoT Marketing: Can It Be Done?
Jan 18, 2018
By: Alexandra Barcelona
With Gartner claiming that 8.4 billion IoT devices will hit our homes, streets and workplaces by 2020, the integration of IoT into our personal and professional lives is only going to escalate.
While this is actually great news for marketers, there is one fairly large obstacle in the way of IoT marketing and innovation.
The European Union’s latest data privacy legislation, GDPR, which is set to become law on May 25th 2018, is going to drastically shift how companies around the world collect, process and manage EU user data. With IoT still in its infancy, this is going to pose some challenges for companies that rely upon IoT to communicate with their users and execute marketing campaigns across multiple digital channels.
The GDPR rollout will affect a lot more than just your website. Below we look at the main issues that’ll arise with maintaining GDPR compliance with IoT connected devices and how you can best overcome those issues.
GDPR Vs IoT Marketing
The rollout of GDPR creates a lot of challenges for companies that rely on the IoT. Here are three of the biggest issues you’ll need to compensate for if you want to stay compliant:
1. Data Location and Real-time Tracking
One of the biggest challenges that those who execute omnichannel marketing campaigns through IoT connected devices will face is the difficulty of tracking and monitoring data collection and storage. When you’re simply collecting data via a website, or an online app, this process is going to be much simpler to manage.
Data collection and storage via a website is typically only going to be taking place in a single location. This makes staying in compliance with the GDPR regulations much easier, as you’re not dealing with an evolving set of protocols.
With IoT connected devices there are many more variables that will have to be in place to ensure the new protocols are met. For example, to stay in alignment with the GDPR you’ll need to know where your data is, along with what data you’re collecting. There also needs to be a process for managing user data, so your users can request their data, or have it deleted upon request.
2. Security Protocols Needed
Overall, IoT devices have less strict built-in security protocols when compared to other forms of technology. With these devices being more hackable, there needs to be a process in place for reporting security breaches, as well as an action plan for patching said vulnerabilities.
Hefty fines can be very problematic for your organization, especially when they’re caused by a device-specific hack, and not due to poor security on the end of your app. With IoT integrated devices you can only work with the security measures already in place.
So, to avoid fines it’s important to have protocols in place to handle user notification, as the steps you take after a security issue can help to reduce the likelihood of receiving a fine.
3. User Consent is Harder to Obtain
Obtaining user consent for data collection is a big part of GDPR. Consent needs to be clear, freely given, and unambiguous. With IoT connected devices, consent can get a little murky. For example, there are a lot of IoT connected devices that don’t have screens. To offset this, user consent will have to be baked into the hardware and software processes.
Overall, user consent will have to be taken on a case by case basis. For instance, you may be within the guidelines of user consent just by adding more details to your contracts and terms of service. Other instances may require added pop-up boxes across apps that let users affirm their consent.
With consent, you’ll also need to consider the difficulties in obtaining consent from individuals aged between 13 and 15, or younger. Depending on the state and country there are different laws related to their ability to give consent in relation to their personal data. This poses a unique challenge as there are plenty of IoT devices that are used by children.
How To Approach IoT Marketing With GDPR Compliance In Mind
Let’s be frank, nobody has all the answers for navigating the restrictive policies of GDPR, even for “traditional” digital marketing. While that may sound bizarre considering how close we now are to the GDPR deadline (May 25th, 2018), it’s true.
And yet, we’ve got some bright ideas about how to engage in IoT marketing without sacrificing GDPR compliance. Again, since IoT marketing is young and evolving, there is no set course of action, but instead recommended lines of thinking and business practices to help push you towards GDPR compliance.
1. Data Location Tracking and Monitoring Protocols
One of the best places to start is by getting an overarching picture of your customer data. This includes how you obtain customer data, where the data is stored, the ways you use that data, the security measures you have in place, and who is responsible for monitoring and maintaining the security of the data.
This will help you understand exactly where your data is going and how you can manage it across multiple different devices. Depending on the size of your organization you may need to have a data controller in place who will act as the main point of contact within your organization and be responsible for compliance activities.
Whether or not your organization is large enough for a specified data controller position, you’ll need to specify a set process of data collection and maintenance.
2. Built-in Response to Data Breaches
Since IoT connected devices are generally less secure, you’ll need to have additional security protocols in place to offset this.
One component of GDPR is “privacy by design”, which means your software, app, or technology needs to be designed with stringent data protection protocols and practices in mind. Since you won’t always be able to control this, you’ll need to take added steps to secure any software or apps you’re running on a connected device.
If a data breach occurs and personal data is involved, then you’ll be responsible for notifying all of your users in a timely manner. Failure to have a notification process in place and to alert your users will lead to a fine.
IoT Helps Bridge the Gap
IoT is going to bring tons of benefits into the lives of business owners who are willing to adopt and integrate these new technologies into their business. Integrating IoT technologies into your digital business will help you bridge the gap between the physical and digital world and be on the cutting edge of customer experience.
However, when embracing certain IoT technologies it’s important to take the latest GDPR legislation into account, as it will help shape exactly how you collect and manage customer data over the long term.
By embracing the GDPR regulations you’ll be able to create a much more secure, private, and user-oriented experience. Although the integration of the two poses unique challenges, it’ll ultimately end up strengthening your digital strategy.