Imagine that as you arrive at the office in the morning, your phone connects to the building’s smart network system; it automatically detects that the battery of your electric car is low, and leads you to the nearest empty fast charging adapter in the garage. Sounds like the future? We already have all of the above technologies; they only need to be connected and synchronized.

The benefits of applying smart systems are obvious: they increase the user’s satisfaction. Smart systems also offer new options to decrease the energy consumption of the building and even to increase the efficiency of building operation. Users are seeking smart solutions, while developers are apparently ready to satisfy such an increase in demand.Nevertheless, a substantial number of smart systems are already operating and collecting data about the users of buildings and monitoring the users’ activities. Existing technologies offer automated visitor management solutions that allow customers to be automatically greeted and notify the correct employee to provide the best service. Retailers monitor shopping habits of their customers and they may even offer them personalized discounts or marketing materials based on the above.

Considering the past few years’ growth, it is clear that smart systems are becoming increasingly popular and the use of these technologies will only evolve. Nevertheless, smart building systems will only reach their full potential if the substantial volume of data collected is shared between multiple network users and devices connected to the same system. While many developers see only the opportunities in the introduction of these new technologies, there are also risks that need to be addressed before introducing new smart building systems.Generally, smart building systems collecting and processing information about their users should comply with the current data protection regulations. One of the key elements of compliance is that collecting of personal data requires the free and informed consent of private individuals. If the operator of the smart system lacks the appropriate consent of users, it bears the risk of non-compliance with the data protection regulations. Not only the consent of users is required, but they should also be informed of the exact data collected, the purpose of the data collection and it must also be clearly regulated with whom the data may be shared. According to our experience, as buildings are usually owned, used and operated by multiple parties, responsibilities are not clearly regulated among them. Even more importantly, the allocation of risks in the case of non-compliance is, in some cases, also not clearly regulated. A further requirement is that any data collected shall be kept safe and secure.

To prevent unauthorized access of the data collected, operators must keep up with the latest technological developments and maintain their infrastructure. Security risks and vulnerabilities may not only be reduced by upgrading the technical background, but also by the proper training of the personnel involved in data handling. Training employees and introducing protocols about how to handle security breaches most effectively can also reduce the harm caused by an unauthorized access.In light of the constant development and introduction of new smart building technologies, it should also be considered that less is, in some cases, more. Although it is appealing to use personal data that has already been collected by new systems for new objectives, it must be born in mind that the original consent of private individuals does not cover the new purpose of the data processing. Even if numerous smart systems are operating, collecting of personal data should be kept to the minimum. Otherwise, there is an increased risk that such data is not stored, processed and used in a proper way.But why should these general principles be considered with utmost care when developing a new building with smart building systems, or applying new systems to an existing one? The new General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) enters into force on

May 25, 2018, and amends the sanctioning system for non-compliance significantly. In the case of non-compliance, a potential fine of up to EUR 20,000,000 or in the case of a company, up to 4% of the annual worldwide turnover of the preceding financial year, may be imposed, whichever is greater. Therefore, companies already using or intending to use smart building systems need to start to consider how to comply with the new data protection regulations.

This article was first published on