Industry 4.0 – a new challenge for Big Data!
Big Data, as we have looked upon it during the past ten years, has mostly been about collecting data on the behavior of persons and customers. It is often a question of the processing of large amounts of personal data collected from the use of credit cards, customer loyalty programs, activities on the web or social media etc. Data is often processed for the purpose of customization of product and service- offerings more precisely on an individual level, both on- and off-line, by use of profiling tools. With the introduction of the GDPR in May 2018, new requirements were put in place on how this data could be processed and the industry has since then adapted to these.
Industry 4.0 represents a revolution in relation to the collection of Big Data. The introduction of the Internet of Things (“IoT") combined with Artificial Intelligence (“AI”) increased connectivity with the 5G-networks and the possibility of mobile real-time data imply that large amounts of personal data can be collected and processed in real time. The introduction of connected products and devices in homes and mobile devices such as connected wearables and vehicles result in new sources of data emerging in a pace never seen before. With this new kind of datasets, companies can further refine and customize their product and service offerings. Access to user data will be crucial to the survival of many companies. Companies with access to this kind of user data will gain a competitive advantage and will be able to quickly adapt products and services to the conditions that can be deduced from using collected and processed data.
However, this also includes increased risks both in relation to breaches of the data protection regulations such as the GDPR and to common security risks where competitors and criminals can seek unauthorized access to collected data.
In relation to security risks, managements around the world will face new challenges in order not to incur unauthorized intrusions and cyber-attacks. We have seen examples of how large companies have lost data after intrusions that have since been used by unauthorized persons for criminal activities. With the introduction of the GDPR, the European authorities have received tools to sanction companies with high fines in cases where unauthorized access have been made possible due to lack of proper security levels, such as in the cases of Marriott Hotels and British Airways. Even cases of malware attacks and subsequent ransom demands “ransomware” occur to a large extent and may cause significant harm to companies that do not have adequate safeguards in place. With Industry 4.0, security requirements will also move out of companies, to the end-users. How to protect e.g. a smart home from unauthorized hacking? There must be requirements regarding clear instructions and levels of security in relation to the end-users of IoT-services as well as the companies.
In addition to costly fines from regulatory authorities and ransoms to criminal networks, the result of lost reputation can also be significant. For listed companies with spread ownership, the stock market value may also suffer. The question is who will be held accountable for the economic damage suffered by shareholders, end-users and others?. We believe that there are now major requirements for management and boards of directors to ensure that collected data is kept protected to such an extent that a subsequent review concludes that best market practice have been followed. In many cases, this implies that, in addition to being able to demonstrate that safety routines and safety protection in the form of networks security etc. are in place, companies must also be able to demonstrate compliance with best market practice. This can be achieved through third party certification at appropriate levels, but also by own analysis involving not only data and cyber security advisors but also legal experts who can help demonstrate the levels of security that are advisable.