The manufacturing sector is increasingly turning to automation and innovative IT based solutions to drive efficiencies and improve the way factories operate. The sector already outperforms other sectors in terms of productivity and the increased use of these technologies will only cement this position.
These solutions result in the production of a wealth of valuable data which needs to be analysed, managed and stored. The recent Wannacry NHS cyber-attack highlighted the importance of keeping data secure and the devastating impact of failing to do so. Against this backdrop, the law in this area is changing rapidly with the latest development being the new Data Protection Bill which was announced by the government on 7 August 2017.
In what has been referred to as the fourth industrial revolution, manufacturers are investing significant sums in automating equipment and machinery and enabling those items to talk to each other using Internet of Things solutions. These solutions can improve the speed and accuracy of manufacturing, reduce waste, predict and identify faults using sensors and alarms and improve health and safety. They often involve the collection of real time data from the factory and supply chain which can be used to reduce costs and increase profit. However, the connected factory is not without risk.
The data collected using these technologies may be commercially sensitive and the IT systems which connect equipment and machinery could be central to the running of the factory. This makes manufacturers a potential target for cyber criminals who seek to exploit weaknesses in IT systems for example through ransomware or distributed denial of service attacks.
Manufacturers must therefore start to address real risks which until recently have not existed. Practical steps include keeping IT systems up to date, staying on top of software updates/patches, and investing more time and resource into implementing and maintaining security measures. Manufacturers should also ensure contracts with suppliers are robust and require the implementation of security measures to keep data safe.
The law is evolving quickly to keep pace with technological advances. On 7 August 2017, the government announced its new Data Protection Bill and from 25 May 2018, the General Data Protection Regulation (GDPR) will come into force. The GDPR will affect all manufacturers because they will hold personal information about employees, customers and suppliers.
The GDPR imposes stringent obligations on organisations that fail to comply and depending on the breach fines of 4% of global turnover or €20,000,000 (whichever is the greater) could be levied.
The technologies being employed by manufacturers may involve the collection of significant volumes of personal information. For example, technology which measures output on a production line might enable individual worker data to be analysed.
Manufacturers will need to ensure that they are transparent about the personal information that is collected using these technologies by updating privacy notices and ensuring those notices comply with the GDPR. They will also need to ensure that contract terms are put in place which meet the requirements of the GDPR.