ASME.MVC.Models.DynamicPage.ContentDetailViewModel ContentDetailViewModel
! open menuMenu
close menuClose
ASME
The American Society of Mechanical Engineers
shopping cartCart
site searchSearch
close menuClose
! menu iconMenu
close menuClose
10 Ways GDPR Will Affect Engineers, Part 1
Print

10 Ways GDPR Will Affect Engineers, Part 1

Date Published:

Jul 20, 2018

Author:

Agam Shah

Tags:

Advanced Manufacturing Business and Career Support Medical Equipment and Device Manufacturing

Change can be difficult, but sometimes necessary, especially if the impact has wide-ranging potential. Engineering companies are finding that out now as they scramble to comply with GDPR (General Data Protection Rule), a European Union regulation passed in May that gives users more control over their personal data, and how organizations use it.

Under GDPR regulation, EU citizens have a right to know how their personal data is being used, and the "right to be forgotten" by asking companies to remove their personal data. Companies also need to seek user consent before collecting personal data to ensure their data won’t be abused.

18th Annual Cybersecurity Symposium on the campus of U.N.C. Charlotte in October of 2017. Image: Womble Bond Dickinson

GDPR impacts the engineering of products to varying degrees, mostly depending on how much personal data is collected by companies. The regulation especially affects medical-device makers, which can't operate without personal information like health readings. The impact is less on some manufacturing sectors, where historically personal data collected has been relatively limited mostly to employees and contacts at customers and suppliers.

The regulation forces the reexamination of device design, how sensors collect data, and business operations, even if you have only one client in the EU. Safeguards need to be in place or companies risk a massive EU fine. Here are some ways GDPR will impact engineers.

For You: IoT Puts New Spin on Old Product

1) Device Design Changes

GDPR requirements are legal, but there are device design implications as the regulation digs into functional requirements of a system. The regulation requires data protection by default and design, which is a big consideration when engineering devices.

"Simply put, this requires developers to think about potential risks and harms their personal data driven system poses, and to embed technical and organizational safeguards in the technology, to protect the data subjects’ rights from the start," says Lachlan Urquhart, lecturer in technology law at the University of Edinburgh.

2) New Device Considerations

The impact of GDPR can be significant depending on the information control and transport. Medical devices requiring cache personal information, such as name, age, and weight, within the data storage of the device itself, will need to be audited as changes to the software may be required. These may include new routines to remove the records when required by the new legislation, says John Turner, software engineering manager at medical device maker Starfish Medical.

"With the right software design, accounting for the control and limiting the flow of personal information into and out of medical devices, the new standards may have minor to no design impacts," Turner says.

Starfish has work instructions to include the ability to remove patient history. “Typically this is the opposite of current practice for most connected devices,” Turner says. “Patient history provides information that help diagnose and treat most diseases and medical conditions.”

3) Privacy and Safety by Design

Organizations need to consider the privacy implications of a project at the outset and build in compliant processes from the start. Privacy impact assessments also need to be carried out where required by law, says Caroline Churchill, a partner, and Orla O'Hannaidh, an associate, at transatlantic law firm Womble Bond Dickinson.

"The most significant challenge from our perspective, particularly for the manufacturing and construction industry, is the culture change that is likely to be needed," the lawyers state.

Technologies, like sensors that are used to collect data, including personal information, for more efficient manufacturing operations, need to have privacy assessments at the forefront.

The "privacy by design" requirements under the GDPR make it imperative "that manufacturing, construction and healthcare industries integrate data protection measures from the beginning of the engineering process, and continue to maintain and develop such measures on an ongoing basis," according to the lawyers.

See Part 2 to learn more about how GDPR will effect engineers.

Read More:
Drinking the Desert Air
Technology Brings Clean Water and Nutrition to Central America
New Process Embeds Coded Data on 3D-Printed Parts

The most significant challenge from our perspective, particularly for the manufacturing and construction industry, is the culture change that is likely to be needed. Statement from Caroline Churchill and Orla O'Hannaidh, Womble Bond Dickinson
Related Content
Article
Fulfilling a Dream: The Late-in-Life Ph.D.
Apr 16, 2024
Learning Resources Collection
The trend of pursuing a Ph.D. later in life is real. But there are challenges for students who decide to return to the classroom and pursue an advanced degree.
Article
Breakthrough Could Make for Long-Range EVs
Apr 16, 2024
Energy Transformation Collection
A simple method could lead to electric vehicles that can go much father on a single charge, and batteries that last years longer than present technology.
Article
Workforce Blog: We Need to Reimagine Workforce 4.0
Apr 3, 2024
ASME is supporting new strategies to diversify and expand the talent pool.
Article
There’s More to a Job than Money
Mar 18, 2024
Salary is important to mechanical engineers, but high on their career wish lists is jobs with work toward solutions to complex problems for the world at large.

The price of yearly membership depends on a number of factors, so final price will be calculated during checkout.

Continue Browsing View Cart

You are now leaving ASME.org

Continue