Did you know: GDPR compliant IoT platform

GDPR-compliant handling of your data and of the data from your devices and machines is important to us. From server version 47.x onwards, the Appliance fulfils all guidelines of the GDPR (General Data Protection Regulation).

The following features are available for all Microtronics server instances, regardless of whether the product is the M2M platform, MDN myDatanet, Keycode Server or Energy Server.

Table of contents

  1. Categories of users
  2. GDPR regulations and seeking user agreement
  3. SSL encrypted communication

Categories of users

When a user is created, a distinction is made between GDPR-liable and GDPR-not-liable users.

  • GDPR-liable user
    natural person
  • GDPR-not-liable user / user not subject to GDPR
    interfaces / non-natural person

For users not subject to GDPR (for example, interfaces for API access) the GDPR is not applicable. The administrator has to mark them as such. GDPR-not-liable users cannot log in to the backend of the Appliance.

All natural persons must provide an e-mail address. After the user account is created, the user has 720 hours (30 days) to activate the account and, in the process, agree to the GDPR regulations. If this does not happen within 720 hours, the data is deleted again. The 720 hours (30 days) is an adjustable default value.

Figure: GDPR - IoT platform - user creation

GDPR regulations and seeking user agreement

Personal data is affected by the GDPR. This includes user data. Depending on the specific application you implement with the technology from Microtronics, this can also affect the data of the devices or machines.

One example is the various wearables that store personal and often even sensitive data about users. Therefore, you can store the concrete wording of your individual GDPR regulations.

In the settings of the server you store a link to your individual GDPR regulations. As soon as you add this link or make changes on the linked page, you can publish these changes and trigger an e-mail to all GDPR-liable users or natural persons.

They must now agree to the new regulations within 72 hours (default, adjustable). Otherwise, the user is deleted. In addition to the e-mail, a page to confirm the GDPR regulations appears after logging in. The user must first agree to the GDPR regulations. Only then can the user work with the Appliance as usual.

Figure: GDPR - IoT Platform - Server

SSL encrypted communication

Encrypted communication via SSL is absolutely essential for GDPR compliant processing. As soon as the user has a possibility to enter data, it is advisable and usually also absolutely necessary to encrypt this communication.

In addition, setting up SSL today is rather easy and can be described as “state of the art”. “State of the art” is mentioned in the GDPR. In many cases it is not clear what is “state of the art” and what not. It can be assumed that an encrypted SSL connection is definitely included.

Figure: Secure communication via https

Does my server already communicate securely via SSL?

That’s easy to find out. Enter the domain of your server into your browser and put https:// in front of it. If this works, try to reach your server with the unencrypted variant http://. An automatic redirection to https:// should take place.

But beware! The https:// prefix alone is no guarantee of a secure connection and certainly does not guarantee that the server is really who it claims to be. You have to check the validity of the certificate. In many browsers a valid certificate is symbolised by a lock.
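The same check can be scripted. The following is an added example, not Microtronics code: it assumes the server uses the standard ports 80 and 443, the function names are chosen for illustration, and it goes one step beyond the browser check by reporting how many days remain until the certificate expires.

```python
import http.client
import socket
import ssl
import time
from urllib.parse import urlsplit


def redirect_ok(status, location, host):
    """True if a plain-http response redirects to https:// on the same host."""
    if status not in (301, 302, 303, 307, 308) or not location:
        return False
    target = urlsplit(location)
    return target.scheme == "https" and (target.hostname or "").lower() == host.lower()


def cert_days_left(cert, now=None):
    """Days until the notAfter date of a dict from SSLSocket.getpeercert()."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400)


def probe(host, timeout=5):
    """Run both checks against a live server; returns (redirects, days_left)."""
    conn = http.client.HTTPConnection(host, 80, timeout=timeout)
    conn.request("HEAD", "/")
    resp = conn.getresponse()
    redirects = redirect_ok(resp.status, resp.getheader("Location"), host)
    conn.close()
    # The default context verifies the certificate chain and the host name;
    # an invalid certificate raises ssl.SSLCertVerificationError here.
    ctx = ssl.create_default_context()
    with socket.create_connection((host, 443), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return redirects, cert_days_left(tls.getpeercert())


# Constructed sample values, not output from a real server.
SAMPLE_CERT = {"notAfter": "Jun  1 12:00:00 2030 GMT"}
SAMPLE_NOW = ssl.cert_time_to_seconds("May  2 12:00:00 2030 GMT")

if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1]))
```

Run it with the domain of your server as the only argument. A redirect to a different host name, such as a www. variant, is reported as False and should be checked by hand.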

How do I set up SSL for my server?

The Appliance supports paid certificates that you can purchase from an authorized certification authority. From server version 45 onwards, the free certificates of the certification authority “Let’s Encrypt” are additionally supported.

“Let’s Encrypt” is a free, sponsored certificate authority that provides SSL certificates free of charge. The certificates are automatically renewed in the background at regular intervals. This regular renewal (usually every 60 days) increases security. If you want to encrypt your communication with the Appliance or have further questions about GDPR, please contact the Microtronics team!
