INDUSTRY WATCH
“THE FINES ARE 4% OF GLOBAL TURNOVER OR 100,000 EUROS FOR AN SME.”
forever. But if you take this RegTech
approach to this regulation you’ve
effectively created your base IoT service.
I think the misunderstanding that it’s
not something we have to bother with
is the thing I’d question first. Do you
know that? Because if someone knocks
on your door as a data processor, you
might not be the originator of the data
but you are using it.
My other question to Middle East
companies would be: ‘Are you using
any social web data?’ If you are, you
don’t necessarily know that’s European.
What would you use instead of social
web data? What are you going to use
for insight and contextualising what you
are doing as a web company?
Where does the jurisdiction come
from for the EU to fine companies
outside of Europe?
Because it is predicated on what we call
the data value chain, it doesn’t matter
at what point in that value chain that
the breach is known - the information
commissioners have the mechanisms to
follow that through with a full audit.
My worry with Middle Eastern
companies is they will be unsighted and
the knock on the door comes completely
out of the blue because before if you
were the data controller you didn’t need
to know what all the data processes
were doing – downstream was not your
concern, it is now. So if that European
data is in any way finding itself into
Middle Eastern organisations they
are going to be even more unsighted
because it is going to be as part of a
breach or a set of changes that ICO
(Information Commissioner’s Office)
wants when it finds itself at the door of a
Middle Eastern country that didn’t even
know that they were involved.
“JUST TO VIEW GDPR’S THREAT LANDSCAPE, WHICH IS WHAT PEOPLE ARE TALKING ABOUT, IS MISSING THE POINT. IT’S AN OPPORTUNITY TO LEVERAGE IOT.”
As a territory the Middle East might think
‘it’s one of those European things’ but
the awareness of this is really important.
Is GDPR effectively the first data
protection law?
I think from a European point of view we
have taken the view that our laws and
regulations just can’t keep up. The web
is outstripping our national jurisdictions
and legal frameworks. The Privacy by
Design principles which these regulations
were born from are more web centric
rather than from a territorial point of
view. I see this as a new governance
model for the web – the way in which
privacy should exist on the web. This
is about our web world legislation and
regulation, not really being a tool that
we can put in place quickly or flexibly. I
think it’s the new governance model for
privacy which is why I don’t think it’s just
a European thing.
As I’ve travelled around the world I’ve
had discussions where people have
been saying ‘actually this is doing
the right thing’ and saying ‘this is a
governance model that we should
consider because isn’t this going to be
what our citizens expect’.