In a world predominantly driven by data, privacy concerns are not a new topic of discussion. On May 25th 2018, the full effects of the General Data Protection Regulation (GDPR) will be felt globally as companies that collect data on EU citizens will need to comply with strict rules for the sake of protecting consumer data.
It goes without saying that the physical security market will also be affected by GDPR. In this article we discuss the impact of GDPR on physical security systems and how it can be managed.
Manufacturers will be faced with the challenge of designing solutions that can capture valuable information for security or business intelligence purposes whilst at the same time anonymising retained data. Masking, customisable retention, data encryption and data protection will become standard moving forward, as failure to adhere to these standards could lead to significant fines for companies collecting data. There is no doubt that end users will put the burden on manufacturers to prove that their systems comply.
Legislation such as the EU’s GDPR affects the physical security industry more than most have anticipated. This legislation aims to protect the personal data and privacy of the general public and customers, and is therefore relevant to organisations that store footage from video surveillance or event management systems used for private or public monitoring. The GDPR focuses heavily on enforcing correct reporting and mitigation techniques in the event of a cyber-attack or breach, which emphasises the importance of manufacturer responsibility and of the physical and IT security teams working cohesively to ensure compliance with regulations.
In regard to access control, a request may be made to provide data held on an individual. To ensure the privacy of others whilst fulfilling it, it may be necessary to anonymise data held on third parties. For example, under GDPR any person recorded on CCTV has the right to request footage of themselves; however, the identity of others recorded on that footage needs to be protected before it is shared. Organisations will need to invest in technology that allows them to anonymise any data connected to third parties. To automate privacy protection, such as using video redaction capabilities to blur the faces of third parties in CCTV footage, organisations may need to make a considerable investment in technology. This will allow for painless, efficient GDPR compliance.
Owners of on-site systems will be responsible for their own GDPR compliance and will be required to have transparent measures in place to hold them accountable for how data is accessed, used, stored and maintained. It is crucial to evaluate current systems and communicate with your installers to better understand what updates, if any, are required and how to report any unauthorised access to data. Overall, it is important that businesses have the relevant technical and organisational measures in place to fully comply.
Ultimately, GDPR requirements will fall primarily on end users; however, the effects of GDPR will be felt mostly by manufacturers and installers. Forward-thinking manufacturers and installers will understand that meeting their clients' concerns and challenges is the best route to success. Reacting to cyber security needs, which closely align with privacy and GDPR requirements, should therefore be a staple of installers' and manufacturers' plans moving forward.