{"id":2901,"date":"2017-12-15T19:52:31","date_gmt":"2017-12-16T03:52:31","guid":{"rendered":""},"modified":"2023-05-31T16:21:41","modified_gmt":"2023-05-31T23:21:41","slug":"achieving-gdpr-compliance-in-manufacturing","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/industry\/blog\/manufacturing-and-mobility\/2017\/12\/15\/achieving-gdpr-compliance-in-manufacturing\/","title":{"rendered":"Achieving GDPR compliance in manufacturing"},"content":{"rendered":"

As we prepare for the EU\u2019s General Data Protection Regulation (GDPR)<\/a> to go into effect in May 2018, we look at its effect on compliance in the manufacturing industry.<\/em><\/p>\n

Historically, manufacturers have always relied on analyzing data related to their products, supply chains, vendors, employees and customers to improve insights that will help them transform their businesses. Today, manufacturers across the globe are embracing the benefits of Industry 4.0 technologies, from digital twins of processes enabled by mixed-reality to predictive capabilities enabled by artificial intelligence. These technologies improve manufacturing processes, reduce environmental impact, pre-empt potential asset reliability issues and improve health and safety.<\/p>\n

Along with this innovation also comes an overwhelming amount of data to collect, understand, reason over, and take action on, than ever before. However, unlocking the full potential of the data can sometimes also require navigating unfamiliar or new regulatory requirements.<\/p>\n

\"\"Introducing the GDPR<\/h2>\n

The GDPR is a critical regulatory requirement that manufacturing organizations must plan for.\u00a0The Regulation will apply from 25 May 2018 \u2013 but many in the manufacturing sector may not yet be aware that the law exists, let alone that it may apply to them.<\/p>\n

This is understandable.\u00a0 Just a few decades ago, manufacturing companies collected relatively little personal data.\u00a0 But today, manufacturing firms often do collect data that relates to identifiable natural persons, such as employees, business partners, suppliers, and customers.\u00a0 This type of \u201cpersonal\u201d data is squarely in scope of the new law.<\/p>\n

The GDPR can affect non-European manufacturers<\/h2>\n

Companies heartered in Europe are, of course, aware of the GDPR.\u00a0 However, the GDPR also applies to companies with operations and employees in the Union \u2013 something, which sometimes companies I meet with are not aware.\u00a0 Additionally, one aspect of the GDPR that has surprised manufacturers I meet with is that it can apply to data processing outside <\/em>of Europe, as well as to firms that do not have any <\/em>EU-based establishments.<\/p>\n

It\u2019s true that the GDPR has a long arm.\u00a0 For example, the GDPR applies to processing activities that are related to the offering of goods or services in the EU \u2013 meaning sales of manufactured goods to consumers in the Union can trigger application of the GDPR, even if the manufacturer doesn\u2019t have a facility in the EU.\u00a0 Similarly, \u201cmonitoring\u201d of a customer\u2019s behavior in the Union can also trigger application of the GDPR, which can sweep in activities like collecting data through \u201cInternet of Things\u201d connected products.<\/p>\n

The message is clear:\u00a0 manufacturers, even outside Europe, need to consider their exposure under the GDPR and plan accordingly.\u00a0 While I\u2019m not a lawyer, I\u2019ve personally reviewed the GDPR and worked with my legal team to better understand the potential impact of the GDPR to Microsoft as a manufacturer, as well as Microsoft\u2019s customers in the manufacturing industry. Below is a high-level summary of some of the more obvious potential issues for manufacturers that are on my radar.<\/p>\n

What the GDPR requires<\/h2>\n

The GDPR imposes a wide range of requirements on enterprises in scope, among them:<\/p>\n