Internet of Things and the Legal Issues related to the Data Protection Law according to the new European General Data Protection Regulation

The Internet of Things (IoT) phenomenon needs to consider the legal issues related to the dataprotection law. The IoT is not exempted from privacy and security risks because of the use of technologies that often cannot guarantee an acceptable security level. In the IoT, the main risk for privacy is the profiling that allows identifying natural persons through their personal information. However, regarding the privacy and security risks, there are some issues with potential consequences for data security and liability. The IoT system allows transferring data, including personal data, on the Internet. The IoT ecosystem is evolving and companies are developing applications to provide services based on the blockchain. It is important to evaluate the technical structure of the blockchain to analyse the law impact and the legal issues on data protection and privacy. In this context, it is necessary to consider the new European General Data Protection Regulation (GDPR) that will apply from 25 May 2018. The GDPR introduces Data Protection Impact Assessment (DPIA), data breach notification and very high administrative fines in respect of infringements of the Regulation. A correct law analysis allows to evaluate the risks and to prevent a wrong use of personal data and information.