Much is being said and written about large data volumes entailed by the rise of networking in almost all sectors of the economy. There’s no doubt about it: the use of modern-day digital technologies in all parts of a company and the collection of big data offer significant potentials for large and small companies alike.
Amidst the general euphoria regarding the new opportunities opened up by Industry 4.0, however, a due awareness of the risks and limitations inherent in this development is also imperative. One keyword in this context is data protection. Not least, the EU’s General Data Protection Regulation (EU-GDPR), which comes into force on 25 May 2018, means that more and more companies are having to think hard about their data protection management. A data protection management system (DPMS) is increasingly regarded as a competitive advantage.
Relevant for production companies, too: the EU-GDPR
For production companies, it’s worth taking a look at the EU-GDPR. Although not much has changed regarding the fundamental principles previously applying in data protection legislation, even under the EU-GDPR, there are some innovations that are being used for processing data in Industry 4.0. These relate primarily to technical data protection.
In this context, one of the provisions outlining the relevant protection goals is Art. 32 GDPR. Criteria are described there that are relevant to the selection of technical and organisational measures designed to ensure that the protection goals are achieved. These include resilience of the systems and services involved in processing personal data.
In addition, the terms “data protection by design” and “data protection by default” (Art. 25 GDPR) illustrate the relevance of technical and organisational data protection.
“Data protection by design” already incorporates data protection and security at the development stage of IT systems. In the case of “data protection by default”, conversely, the focus is on the settings installed in the IT systems concerned.
Data protection risks in the smart factory
In a smart factory, risks primarily arise when processing personal data relating to staff and customers. Every case of networking between humans and production and logistical systems may lead to personal data being acquired, processed and under certain circumstances transmitted together with other data. Not least when customised products are involved, for example, when data from the production or logistical control systems can be linked to a particular customer.
Risks for data protection in the intelligent factory are entailed not least by staff assistance systems such as tablets, data glasses or hand-held data terminals. Instruments of information and communication technology can support staff in avoiding errors by providing them with appropriate information. Personal data, however, may be used solely for optimised planning, but not for measures relating to employment legislation. This must likewise be borne in mind when using new technologies in production operations.
The increasing acquisition and processing of large data volumes, and the high degree of autonomy and decentralisation for self-organised systems in Industry 4.0, are factors that may become problematic in the context of data protection. If staff or customer data can be traced, protective measures have to be taken. Effective data protection must, all experts concur, already be implemented at the technical level. The EU-GDPR offers some useful approaches here.
Initial steps towards data-protection-compliant embracing of Industry 4.0 most definitely include transparency for staff and customers regarding the technology being used, and appropriately qualified data protection officers who also keep an eye on the field of data acquisition and processing in the context of Industry 4.0.
You will acquire more information on data security in the era of Industry 4.0 and the EU’s General Data Protection Regulation in the workshops at the METAV 2018, which are being jointly hosted by the German Association for Quality (DGQ e.V.) and the German Society for the Certification of Management Systems (DQS GmbH). Information and registration under www.dgq.de/u/METAV2018.
