TÜV Rheinland Announces Protected Privacy Certificate Program for IoT Data and Processes
New Offering Certifies Product Manufacturer and Systems Supplier Conformance with European General Data Protection Regulation (EU GDPR)
Cologne, Germany – November 21, 2017 – TÜV Rheinland, a leading international testing service provider for quality and safety, today announced general availability of a new suite of services addressing end-to-end data protection requirements in the rapidly growing Internet of Things (IoT) market. With a first-of-a-kind “Protected Privacy Certificate” program, TÜV Rheinland delivers a unique, material way for product manufacturers and system providers to demonstrate they have been audited and comply with the requirements of the EU GDPR.
The provisions of the EU GDPR, which also include new legal requirements for data protection in product development (Privacy-by-Design), must be implemented by May 25, 2018, following a two-year transitional period. Affected companies that do not comply by that date may be subject to substantial fines and penalties. The EU GDPR applies to products that process or store personal data and are connected to the Internet or communicate independently over the Internet (known as IoT products), as well as suppliers of those products. Product categories include, but are not limited to, smart home products, connected smart toys, and wearable health products such as fitness armbands.
“The market for IoT devices is growing at a rapid rate. At the same time, there is a lot of consumer uncertainty surrounding data protection and security for these devices, which poses a genuine market barrier to manufacturers and system suppliers,” said Udo Scalla, head of the Global Competence Center for IoT Privacy at TÜV Rheinland. “Our certificates establish trust in the IoT market for consumers and manufacturers alike.”
To obtain a “Protected Privacy IoT Product” certificate, an IoT product must be fully assessed against privacy requirements. “Our vetting process focuses on characteristics that are designed to protect privacy and investigates whether, for example, an existing data memory can be deleted and whether data transmission is encrypted. We can test as many as 50 individual parameters, depending on the complexity of the device, all of which are derived from the EU GDPR,” said Günter Martin, solutions director at TÜV Rheinland’s Global Competence Center for IoT Privacy.
TÜV Rheinland’s “Protected Privacy IoT Service” certificate is aimed at the ancillary service, interface or application (i.e. Web Service) that is connected to a particular IoT device. To enable a device to be managed via an application, data is often transferred to and processed by the service provider.
“For service certificates, we test a total of 26 categories of requirements. Some of them are very complex and go right up to a penetration test designed to identify security vulnerabilities,” said Mr. Martin.
TÜV Rheinland’s Global Competence Center for IoT Privacy offers individual support on all topics related to protected privacy.
“We show worldwide product manufacturers and system suppliers specific ways in which they can start reducing data collection to a defined minimum, and in doing so, strengthen their customers’ trust in IoT products,” said Mr. Scalla.
The Global Competence Center is just one part of the international testing and consulting service offering within the diverse data protection portfolio of TÜV Rheinland’s ICT & Business Solutions business stream. Other core aspects include certification for data protection and data security of online applications as well as testing and certification of data protection management for a wide range of companies, including health insurance companies and related providers. Further services include sustainable data protection management in line with the EU GDPR, appointment of external data protection officers (DPOs), and installation of enhanced IT security management and threat detection systems.
The ICT & Business Solutions business stream also includes IT services and cyber security, telecommunications solutions and HR services, management consulting, data center services and R&D management. With more than 600 specialists around the world, ICT & Business Solutions provides strategic consulting, design and process optimization through implementation, operation and certification of systems.
For more information, visit www.tuv.com/en/iot-privacy