European Union (EU) water and energy utilities generate, collect, as well as process raw operational data and customer data through smart devices such as smart meters and smart pumps into meaningful optimization strategies. New technologies such as Industrial Internet of Things (IIoT) technologies coupled with dynamic market conditions are aiding the growth of utilities. Companies are focusing toward data-driven strategy that is resilient to market uncertainties. However, with the adoption of General Data Protection Regulation (GDPR), water and energy utilities are faced with the greater challenge of maintaining data protection and privacy for their customers. Europe is expected to increase installation for water smart meters by 25%-30% in the next 7-8 years from the current installed base of 10 million units. In addition, by 2020 EU plans to replaces 80% of electricity meters with smart meters. Electricity and gas sectors are expected to witness installation of additional 200 million and 45 million smart meters, respectively, by 2020. Unless cognizant of the requirement, functions and caveats of GDPR, utilities will face hurdles in implementing their strategies concerning connected devices.

What is General Data Protection Regulation?

General Data Protection Regulation (GDPR) is an EU regulation pertaining to data ownership, protection of the European Union citizen’s personal data. Adopted on April 27, 2016, GDPR will replace 1995 Data Protection Directive (Directive 95/46/EC), when it becomes enforceable from May 25, 2018. The compliance requires EU companies to protect and provide privacy to the individual’s personal data. The extended scope includes non EU companies that process data of EU residents. However, data processed for national security and employment context are exempted and are subjected to individual country regulation.

Key Definition and Guidelines of GDPR impacting the Utility Companies

GDPR has following definition and guidelines affecting the data of EU citizens:

  • Definition of personal data under the GDPR: The definition applies to any information relating to a person, which could be used to directly or indirectly use to identify the person. It includes name, identification number, location data or online identifier among others. This means that utilities utilizing the location data of customers to enhance the customer experience will have to inform customers about the purpose of data.
  • Definition of Data Processing under Article 4(2) and (6) of the GDPR: It includes collection, recording, structuring, storage, transmission, dissemination, and destruction, retrieval of personal data among others by manual or automated means. For utilities companies, collecting, storing and transmitting of customer data from smart meters within the company or to a third party data management service provider requires consent of the customers. Under article 29 of working party opinion 03/2013 on purpose limitation (WP 203), companies are obliged to let the customers know the purpose of processing of personal data.

Impact of GDPR on Smart Meters and Smart Pumps

With increased adoption of IIoT technologies such as Big Data, cyber security, cloud migration and computing by European water utilities, there is an unprecedented requirement for smart and connected devices such as smart pumps and smart meters. Besides enabling remote monitoring, smart pumps or pumps with variable frequency drives (VFD) result in substantial reduction of energy cost as well as downtime cost for the total pump life cycle. Predictive analytics based on the data generated by smart pumps is enabling energy-efficient pumping solutions for end users. Similarly, data generated by smart meters are enabling water utilities to understand the customers’ water usage pattern, pinpoint water leakages in the pipeline, and track abnormal wastages. Water and Energy utilities, albeit at a nascent stage, are adopting the benefits of data generated by smart meters and are working towards building efficient advanced metering infrastructure (AMI). On the whole, smart pump and smart meter are expected to become a vital infrastructure for water utilities in optimizing and transforming the sector.

Listed below are a few implications of GDPR that are expected to impact the growth of smart pumps and smart meters by water and energy utilities.

  • Smart Meters were developed as part of the energy market integration process as part of the 2009 Third Energy Package. EU provided the residents with the right to switch service providers and have clear understanding of the energy bill produced. Furthermore, 2012 Energy Efficient Directive (EED) with its guidelines on measurement of metering and billing, made smart meters critical component in implementing the directive. In addition, 2016 Clean Energy Package aids the fundamental change for the EU utilities market, where decentralization and higher level of flexibility through smart meters are given importance. However, with the imposition of GDPR coupled with lack of procedure to provide customers with purpose and process of data management, there is an anticipated drop in the level of adoption of smart meters by the customers. This impacts the basic purpose of smart meters and strategy of the energy directives.
  • Data Portability and Right to be Forgotten: Under article 29 of the GDPR, customers have the right to switch between service providers and the same time decide what amount of data to be transferred to the new service providers and what amount of data to be forgotten. This will mean that utility service providers have to invest substantially in making the current IT infrastructure robust and adaptable to customers’ requirements. Investment will be in millions for these utilities, which have so far focused only on improving operational efficiency through their 5-year strategy plans.


Implementation of GDPR will be a key strategy imperative for companies with business in EU. Framework related to data portability and right for customers to be forgotten will largely impact the sectors using smart devices. GDPR will enable usage of smart devices such as smart meter and smart pumps with greater security and privacy of the data. Utility companies will have to invest infrastructure, systems, process, and people to gain visibility over data management. This would mean understanding how the data are used and why, followed up by regular audits and different authorization and access levels for data management by the utility companies. In addition, as mandated by GDPR, companies are required to appoint a Data Protection Officer (DPO), whose sole responsibility is ensuring compliance with the GDPR. GDPR will make the sector more efficient, transparent, and significant for improving customer service and purchase experience. However, non-compliance of GDPR will be fines up to 4% of turnover of the company or €20 million.

GDPR will drive the smart devices market, rather than de-rail its growth. With a regulated benchmark for customer related data, customers are expected to install more of smart pumps and smart meters due to the resulted transparency of their data. Utility companies have to proactively invest in intelligent process, procedures, and systems to maintain the transparency over the data management.

About Frost & Sullivan

For six decades, Frost & Sullivan has been world-renowned for its role in helping investors, corporate leaders and governments navigate economic changes and identify disruptive technologies, Mega Trends, new business models and companies to action, resulting in a continuous flow of growth opportunities to drive future success.

Frost & Sullivan

For six decades, Frost & Sullivan has been world-renowned for its role in helping investors, corporate leaders and governments navigate economic changes and identify disruptive technologies, Mega Trends, new business models and companies to action, resulting in a continuous flow of growth opportunities to drive future success.

Your Transformational Growth Journey Starts Here

Share This