The technical possibilities for recording operating data and networking with the sensor technology of devices, machines and systems, for example, prompted the first industrial companies to reorganize their maintenance and control processes years ago. This should not only simplify the ordering of spare parts and raw materials, but also enable predictive maintenance in order to avoid downtime.

After all, remote machine or system maintenance by the manufacturer or service provider is not only convenient for customers and manufacturers alike, but also involves significantly less effort and costs. The form of access was merely a technical issue to be resolved rather than a conceptual one, in which the managing director, as the person ultimately responsible for data protection or the data protection officer, had to be involved as a supervisory body. Which data can be accessed to the left and right of the required information often falls by the wayside - to put it mildly.

GDPR indoctrinates the world of work
Despite the efforts that the GDPR demands of us in terms of procedure directories, documentation obligations and commissioned data processing contracts, it has already achieved one key objective: it has taught our industry to look at our (data processing) processes from a different perspective - even beyond personal data. In times of industrial networking and the Internet of Things (IoT), it has heightened management's awareness of the need for data security along the entire order data processing chain.

Hans-Jürgen Fockel is Managing Director of the IT system house Lanos from Schloß Holte-Stukenbrock.

For many industrial companies, this means embedding the previously more technologically oriented efforts of digitalization in a holistic, conceptual framework that, in addition to workflow control and process optimization on the one hand, also provides for infrastructural adjustments to ensure data security and risk management requirements on the other.

Networks - as secure as the weakest link
Admittedly, there are also examples from industry today that are worth highlighting in a positive light - in our day-to-day work in the system house business, however, we often have to deal with constellations in which glaring compliance deficiencies have to be eliminated or specific requirements - for example in connection with IT refurbishment projects or the integration of complex system landscapes - have to be implemented. Most of these industrial companies have established structures with a wide variety of isolated solutions.

For example, if I operate a blast furnace in a brickworks, then this furnace is an isolated solution in my infrastructure. For mixer control or the production of concrete slabs with cutting optimization, further isolated solutions must be integrated - in addition to the existing machines and systems. Although these systems come together in the merchandise management system at the latest, this must also be integrated into the commercial areas of the company.

If you now open up access to individual stand-alone solutions for external trades from the construction industry, very complex questions quickly arise with the GDPR lens: How is the system accessed? Which data can be viewed? How is access to other data silos secured? Which data is processed? Is anonymization or encryption of the data required? Which data is stored for how long and what are the criteria for deletion? How is the data backed up at the connected company and is this data in turn processed in other trades?

This example is intended to show that when networking IT infrastructures in the course of digitalization, automation or refurbishment projects, the focus is not on the technological connection, but rather on the "trappings" that make up the actual discipline and dimension of the networking and digitalization process. This is because networking and digitalization bring with them many new requirements that entail additional risks for the company and the existing collaboration network. Many companies are overwhelmed by precisely this.

According to a recent survey of more than 500 manufacturing companies conducted by the Fraunhofer Institute for Industrial Engineering, only 6 percent rate their Industry 4.0 capability as highly developed. In contrast, 55 percent of companies state that they first have to develop the foundations for this capability. The main obstacles to the implementation of IT innovations in production are a lack of change capability in the organization and a lack of protection for personal and company data.

Low-risk in-house IT - a discontinued model?
System houses and data centers benefit in particular from the new General Data Protection Regulation. This extensive change in the law and additional requirements have led to more and more companies outsourcing parts of their IT and thus also the operational risks and compliance obligations to data center operators and managed service providers - primarily in order to be able to operate their own IT infrastructure and the associated requirements more securely and economically in the long term.