Unless you've been able to stay away from the media , you have probably heard of GDPR, the new European regulation on the protection of personal data. An ambitious vision that aims to protect consumers, but that is turning into a real headache for businesses. And if almost all sectors are impacted, some will be more than others. It is also the case of the drone business.
You have probably noticed it just by opening your mailbox, GDPR came into effect on May 25th. Now that the dust on GDPR has settled a bit, it is time to have a look at some of the implications for the drone industry. The drone business, which is mainly based on data collection, whether personal or not, will be one of the most affected sectors by this new set of rules. All actors will therefore have to adapt. Here's how GDPR will become a daily concern for them and some of the steps they will eventually need to put into practice.
GDPR introduces a new concept: "privacy-by-design". This means that all objects, like drones, should, from conception, take privacy protection into account. The manufacturers are therefore at the forefront in this area. In the near future, they will have to develop new features for their drones. Among those already mentioned are the securing of transmissions between the drone and its pilot, the automated face blurring of people shot by camera or the installation of a light on the drone that will light up as soon as the camera starts filming or taking pictures.
The drone pilots are undoubtedly the most affected by the new regulation as they execute the data capturing. For those whose photos are likely to contain recognizable people (such as those who work for weddings or make promotional videos), it is already necessary to ask permission beforehand to people that might appear on the images.
Meanwhile, no-fly zones are likely to be created within the European Union. Among them may be areas specifically selected because of privacy sensitivities, such as crowded beaches.
And like all image holders, pilots will also need to make sure that all the data they possess is protected and secured so that no one with malicious intent can access them. In times where all your data gets synced to multiple devices and cloud platforms, drone pilots need to carefully manage all their cloud sync settings. At Inflights we require that our pilots erase all the confidential client data 3 months after the flight. That way the risk of data leakages are kept to a minimum.
Data processing companies
Companies that perform data processing will be in the same regime as all those who handle personal data. As such, they will be responsible for, among other things, being able to secure as much as possible sensitive data and to warn their customers in case of hacking. They will also need to ensure that all file transfers (between them and the pilots or their clients) are as safe as possible.
As a data processing company, Inflights, is directly concerned by GDPR. Even before the new legislation came into effect, Inflights had already put in place a series of measures to secure its customers’ data. Among them: securing the platform (which was tested by belgian defense cyber security specialists) or the use of Amazon AWS: secure, safe and trusted by industry leaders (making sure the data is only accessible through the platform and not via 'open link' sharing).
Inflights also encourages their pilots to make contact with people that might live in the areas they will fly over. By proactively communicating with neighbours of flight locations we address privacy concerns upfront. Lastly, Inflights makes it easy for customers to unsubscribe from the platform, and erases private user data on request.
Yes, we know, all these new rules might sound scary and hard to implement. Changes will indeed have to be made, but if, as Inflights did and will keep on doing, you put privacy at the core of your operations, the new GDPR policy will not have that much impact on your business. So if you are a stakeholder in the drone industry: make sure you adjust your processes to comply.