Rutronik News

GDPR: What do software and hardware developers need to know?

Created by Bernd Hantsche, head of the embedded and wireless division at Rutronik

May 25, 2018 is the deadline for implementing the European General Data Protection Regulation (GDPR). After this date, practically all companies that process personal data will have to have implemented extensive measures to protect this very data. And this doesn’t just affect European companies! The GDPR applies worldwide to all companies with a subsidiary in the EU.


Key articles of the GDPR for developers

Two articles are of primary significance to hardware and software developers, product managers, and buyers:

  • Article 25: "Data protection by design and default"
  • Article 32: "Security of processing"

Here, the regulation stipulates that data directly and indirectly related to individuals must be encrypted. At the same time, it is necessary to consider aspects such as the state of the art, the implementation costs, and the nature, scope, circumstances, and purposes of the data processing operation, as well as the severity of the risk and the probability of an incident occurring. However, this leaves many questions unanswered, for instance:

  • What kind of data is directly or indirectly related to an individual?
  • When are certain components and systems considered 'state of the art'?
  • What kind of encryption is needed? Must asymmetric encryption using RSA be used always and everywhere, or is it sometimes sufficient to use AES, ECC, or hybrid SSL/TLS encryption? And if so, when?

Individual support instead of a simple checklist

Anybody looking for answers on Internet forums, however, tends to get scared of not being able to meet the requirements. Many are already anticipating a wave of written warnings and this fear isn't exactly unfounded. Yet panicking will not help to solve the situation. Instead, appropriate measures must be taken, but which ones will meet the requirements of the GDPR?

This question cannot be answered with simple guidelines or checklists. That's because there are different threat scenarios for each application and device. Rutronik's GDPR team of experts provides individual support.

The specialists in storage, wireless, embedded boards and embedded systems, security modules, microcontrollers, displays, and sensors advise customers on how they can securely manage data transfer, data storage, and data processing for their applications.

Based on the aspects critical to security, the threat scenarios, and the risks associated with each application, the team draws up an individual GDPR-compliant system concept. This embraces all components and systems of relevance to the security of this application:

  • Storage systems
  • Wireless chips and wireless modules
  • Embedded boards
  • Microcontrollers
  • Power supplies
  • Displays
  • Sensors
  • Special security modules

What is social engineering?

There is another dangerous trend against which measures also need to be taken: social engineering. This involves crooks simply spying on PINs or passwords with binoculars, stealing keys to open doors, or stealing RFID transponders in order to use access-protected devices. By doing so, they can get around any PIN and any sophisticated password.

Protection against social engineering comes in the form of special displays with a particularly narrow viewing angle, biometric eye and fingerprint sensors, and 3D camera systems for facial recognition. Choosing the best wireless protocol and employing mechanisms that identify malicious code when the system boots up also make life much more difficult for the crooks.

Security above and beyond GDPR requirements

With any security concept, it is essential that all components are made compatible with one another. That's because some are dependent on each other or generate reciprocal effects. As a broadline distributor, Rutronik has the components and solutions as well as the expertise to look at systems in their entirety and put together comprehensive security concepts - even above and beyond the requirements of the GDPR. After all, security is ultimately also a must for applications in the field of Industry 4.0 and the Internet of Things!

Security aspects in compact form

Hardware and software developers, product managers, and buyers can find all the important aspects relating to security and the implementation of the GDPR in the white paper "Security Aspects - Whitepaper on How to Make State of the Art Electronic Designs". These include:

  • The relevant articles of the GDPR
  • Background knowledge on cryptography and encryption and wireless technology
  • Explanations on phenomena such as silent data corruption, social engineering, and ultrasonic beaconing
  • An overview of security features in standard and automotive microcontrollers
  • Tips on selecting security-related products and solutions: security ICs, microcontrollers, wireless chips and modules, storage systems, processors, embedded boards, software solutions, power supplies, fingerprint scanners, facial and iris recognition solutions, access systems with RFID scanners, RFID identity cards, and 3D facial recognition systems
