The EU GDPR comes into effect on May 25, 2018. Under this regulation, stronger legislation than the existing directive can be enforced. The IoT industry, especially among various industries, is expected to be heavily influenced by GDPR since it uses diverse and vast amounts of personal information. This paper first analyzes how the IoT industry handles personal information and summarizes why it is affected by GDPR. The paper then uses the cost definition of Gordon and Loeb model to estimate how GDPR affects the cost of IoT firms qualitatively and uses the statistical and legal bases to estimate quantitatively. From a qualitative point of view, GDPR impacted the preventative cost and legal cost of the Gordon and Loeb model. Quantitative view showed that the cost of IoT firms after GDPR could increase by three to four times on average and by 18 times if the most. The study finally can be applied to situational awareness of the economic impact on the certain industry.
ASJC Scopus subject areas
- Computer Science Applications
- Computer Networks and Communications