EN- Industry Focuses

The journey to GDPR

Issue link: https://resources.genetec.com/i/930320


Guide · Journey to GDPR compliance

Understand PD in physical security

Every day, your organization might be collecting EU citizens' personal data (PD). This is data that can lead to the identification of a person, directly or indirectly. PD collected by physical security systems can include the following:

• Video of people captured by surveillance cameras
• Cardholder information and activities tracked by an access control system
• License plate numbers captured by an automatic license plate recognition (ALPR) system

Learn the fundamentals of GDPR

Under the GDPR, your organization must respect individual rights to PD. You must also follow minimum requirements for cybersecurity, data handling, processing, and breach reporting. Here are some of the basic guidelines:

• Offer full transparency by providing notice of data collections and publicly declaring data privacy policies
• Unless processing is justified for other reasons, get valid and explicit consent from individuals before collecting their data
• Store PD only for the required duration
• Erase PD at the individual's request without undue delay, unless law requires otherwise
• If required, provide individuals with their PD in a commonly used format
• Delegate and restrict access to PD, especially video, to specific individuals
• Anonymize and redact video content to protect identities when sharing information
• Use various encryption methods to protect PD, including in video and communications
• Track which authorized users access PD and when
• Inform authorities and, if required, users about breaches involving their PD within 72 hours

How does GDPR affect you?

Clarify roles and responsibilities

All organizations that gather or handle EU citizens' data are subject to GDPR. While your organization is responsible for abiding by these GDPR mandates, you also need to ensure that all partners with access to your data abide by them.

Data controllers

Any organization that decides which PD to collect, for which purpose, and how to process it, such as a company that collects cardholder information or video footage. Responsibilities include:

• Vetting channel partners and vendors you work with
• Controlling what data your partners have access to
• Evaluating how they intend to manage, store, and secure data
• Ensuring partners are abiding by best practices and honoring their commitments

Data processors

Any organization that processes PD on behalf of data controllers, such as cloud service providers or companies that host security systems. Responsibilities include:

• Being accountable for technology deliverables and other commitments
• Remaining transparent about PD handling and protection
• Assuming responsibility for any of their own actions (including those of their respective suppliers) that may impact your organization
