An Analysis of Economic Impact on IoT Industry under GDPR

Junwoo Seo,Moosung Park,Kyungho Lee,Mookyu Park,Kyoungmin Kim

doi:10.1155/2018/6792028

Junwoo Seo, Moosung Park + Show 3 more

Open Access

https://doi.org/10.1155/2018/6792028

Copy DOI

Abstract

The EU GDPR comes into effect on May 25, 2018. Under this regulation, stronger legislation than the existing directive can be enforced. The IoT industry, especially among various industries, is expected to be heavily influenced by GDPR since it uses diverse and vast amounts of personal information. This paper first analyzes how the IoT industry handles personal information and summarizes why it is affected by GDPR. The paper then uses the cost definition of Gordon and Loeb model to estimate how GDPR affects the cost of IoT firms qualitatively and uses the statistical and legal bases to estimate quantitatively. From a qualitative point of view, GDPR impacted the preventative cost and legal cost of the Gordon and Loeb model. Quantitative view showed that the cost of IoT firms after GDPR could increase by three to four times on average and by 18 times if the most. The study finally can be applied to situational awareness of the economic impact on the certain industry.

Highlights

On April 14, 2016, the European parliament passed the General Data Protection Regulation (GDPR). is regulation strengthens the privacy rights of information entities and ensures that personal information is freely transferred among EU member states
Amidst a variety of industries, this paper focuses on the IoT industry, which collects and analyzes vast amounts of information from users
Is section analyzes the economic impact of the IoT industry. e paper uses the cost definition of the Gordon and Loeb model to estimate how GDPR affects the cost of IoT firms qualitatively and uses statistical and legal basis to estimate quantitatively

Summary

Introduction

On April 14, 2016, the European parliament passed the General Data Protection Regulation (GDPR). is regulation strengthens the privacy rights of information entities and ensures that personal information is freely transferred among EU member states. One can know which industries violate the regulation It describes the Mobile Information Systems security issues of the IoT industry that is strongly relevant to GDPR. E FTC provided comments on the concerns of privacy breaches of IoT devices and the direction of information protection activities related to IoT through the “Benefits, Challenges, and Potential Roles for the Government in Fostering the Advantage of the Internet of ings [16].”. The paper selects four average personal data breach cases to analyze the economic impact of the GDPR on the IoT industry.

Number of breached personal Annual turnover of a firm information

Findings

Cost of reputation effect