Since May 25th, 2018, all companies operating in the European Union have to implement the European General Data Protection Regulation (EU GDPR). Among others, the regulation affects manufacturers and suppliers of products that are connected to the internet and that communicate independently via the internet. Now, users of so-called IoT products are in a better position than before to take action against misuse or mishandling of their personal data. According to the experts at TÜV Rheinland’s "Center of Excellence (CoE) IoT Privacy", in which the globally active testing service provider bundles its IoT testing activities for data protection and data security, there is still a need for action in implementing the EU GDPR.

"While providers and users are naturally moving in the same direction when it comes to data security and both sides want to avoid hacker attacks, there is a conflict of interest when it comes to data protection. Providers want to know as much as possible about their customers and users want to protect their privacy," explains Günter Martin, Chief Technology Officer at the CoE IoT Privacy at TÜV Rheinland.

The EU GDPR, for example, provides for data minimization: Personal data must be limited to what is necessary for the purposes of processing. "This demand for data minimization should already be taken into account in the product design. Technically, the device should only be able to supply data that is needed for the agreed purpose and that cannot be collected by other means. Our practice shows that there is still a lot of catching-up to do on the part of the manufacturers", Martin continues. The same also applies to password security, encryption and update processes. Günter Martin is particularly critical with regard to the EU GDPR with regard to the data protection declarations used in some cases. "According to the EU GDPR, the processing of personal data is always subject to a purpose limitation. However, consents are often formulated too comprehensively and allow data to be used for purposes that have nothing to do with the actual application," says Günter Martin.

Security in the digital world: "Trust IoT – from start to finish" as an end-to-end solution

Data protection and trustworthiness of digital systems as well as smart products are crucial for innovation and trust in manufacturers and vendors. "Our services as an independent qualified body can contribute to making digital services and smart products more secure. With our tests of consumer data protection we can create market comparison opportunities that strengthen confidence in manufacturers and at the same time stand for security in the digital world", says TÜV Rheinland expert Günter Martin.

Since 2017, TÜV Rheinland’s CoE IoT Privacy has been globally offering a service package that meets the requirements of end-to-end data protection in the fast-growing Internet of Things market. The portfolio includes two innovative data protection certificates. In addition, TÜV Rheinland’s "Trust IoT – from Start to Finish" end-to-end solution service can also help manufacturers and system providers meet all professional requirements in terms of compliance, interoperability, functional security, and IT security.

Further information can be found at

Über TÜV Rheinland

TÜV Rheinland is a global leader in independent inspection services, founded nearly 150 years ago. The group maintains a worldwide presence of more than 20,000 people; annual turnover is EUR 2 billion. The independent experts stand for quality and safety for people, technology and the environment in nearly all aspects of life. TÜV Rheinland inspects technical equipment, products and services, oversees projects, and helps to shape processes and information security for companies. Its experts train people in a wide range of careers and industries. To this end, TÜV Rheinland employs a global network of approved labs, testing and education centers. Since 2006, TÜV Rheinland has been a member of the United Nations Global Compact to promote sustainability and combat corruption. Website:

Firmenkontakt und Herausgeber der Meldung:

TÜV Rheinland
Am Grauen Stein
51105 Köln
Telefon: +49 (221) 806-2148
Telefax: +49 (221) 806-1567

Antje Schweitzer
Pressesprecherin Fachpresse
Telefon: +49 (221) 8065597
Fax: +49 (221) 8061760
Für die oben stehende Pressemitteilung ist allein der jeweils angegebene Herausgeber (siehe Firmenkontakt oben) verantwortlich. Dieser ist in der Regel auch Urheber des Pressetextes, sowie der angehängten Bild-, Ton-, Video-, Medien- und Informationsmaterialien. Die United News Network GmbH übernimmt keine Haftung für die Korrektheit oder Vollständigkeit der dargestellten Meldung. Auch bei Übertragungsfehlern oder anderen Störungen haftet sie nur im Fall von Vorsatz oder grober Fahrlässigkeit. Die Nutzung von hier archivierten Informationen zur Eigeninformation und redaktionellen Weiterverarbeitung ist in der Regel kostenfrei. Bitte klären Sie vor einer Weiterverwendung urheberrechtliche Fragen mit dem angegebenen Herausgeber. Eine systematische Speicherung dieser Daten sowie die Verwendung auch von Teilen dieses Datenbankwerks sind nur mit schriftlicher Genehmigung durch die United News Network GmbH gestattet.