The European Union has spelled out specific requirements and safeguards for handling and protecting personal data. In the General Data Protection Regulation (GDPR), the EU makes clear exactly what is expected of those who control and process data. (The United Kingdom has committed to follow the regulation despite the Brexit vote.) Everyone is facing a deadline on May 25 2018 to comply with the GDPR. What are the exact implications for the physical security market? What do customers need to do to ensure they are compliant? These are urgent questions, given that the clock is already ticking.

The GDPR’s implications are especially timely considering the physical security industry’s current emphasis on the value and importance of data. The growing value of data was a big topic at the recent IFSEC show in London. The industry is looking for new ways to leverage data for benefits in a company beyond the security department.

New Cybersecurity Responsibilities

One example is access control data: Who is granted access to which door and more generally, how do employees move throughout an enterprise? This is information that can be useful to managers, whether to analyze facility usage trends or promote more efficient operations. Access control data is especially valuable when combined with other data in an organization, such as human resource (HR) and accounting records. It provides more data points that a company can use in overall metrics to guide business operations.

But as the GDPR emphasizes, the value of data and the ability to leverage data come with new responsibilities, specifically a need to protect privacy. This includes a need for additional cybersecurity of networked systems, another current “hot topic” in the market and historically a weak, or at least under-addressed, point for the industry.

The GDPR applies to “personal data,” but its detailed definition includes digital information such as IP addresses and a range of personal identifiers. Sensitive personal data, such as biometric data used to uniquely identify an individual, is in a “special category.” Physical security systems collect plenty of personal data, some of it critical and sensitive, including an employee’s PIN code, fingerprints, or even video footage.

GDPR Impact On Physical Security

Other areas that might impact the physical security industry include requirements to provide information about any transfers of data to other countries outside the EU and the retention period of data and criteria used to determine the retention period. There is also a “right to erasure” that provides an individual a right to have personal data erased if it is “no longer necessary in relation to the purpose for which it was originally collected/processed.”

The value of data and the ability to leverage data come with new responsibilities, specifically a need to protect privacy
Physical security systems collect plenty of personal data, some of it critical and sensitive, including an employee’s PIN code, fingerprints, or even video footage

In the accountability section of the regulation, companies are required to implement “appropriate technical and organizational measures” to ensure and demonstrate compliance. In the category of “data protection by design”, there is a general obligation to “implement technical and organizational measures to show that [a company] has considered and integrated data protection into processing activities.” It is even more reinforcement to the need for more cybersecurity.

Data Protection By Design

The GDPR endorses the use of approved codes of conduct and certification mechanisms to demonstrate compliance, including codes created by trade associations or representative bodies. There may be an opportunity for organizations in the physical security market to step in and create such guidelines and to clarify best practices as they relate to our market’s technologies. 

In the category of “data protection by design,” physical security system manufacturers should include data protection and security from the first floor as they are designing new products.

Based on several recent conversations, I can say with confidence that these concerns are definitely on the minds of many in our industry. But concerns aren’t necessarily answers, and time is short to fully comply with GDPR by the deadline.

And the issue isn’t limited to Europe; multi-national companies that do business in Europe, or even cloud systems that store data there, are also impacted. And even beyond GDPR, data protection is an urgent concern around the world. It’s time to step up.

Download PDF version

Author Profile

Larry Anderson Editor, SecurityInformed.com

An experienced journalist and long-time presence in the US security industry, Larry is SecurityInformed.com's eyes and ears in the fast-changing security marketplace, attending industry and corporate events, interviewing security leaders and contributing original editorial content to the site. He leads SecurityInformed's team of dedicated editorial and content professionals, guiding the "editorial roadmap" to ensure the site provides the most relevant content for security professionals.

In case you missed it

Has The Gap Closed Between Security Fiction And Security Reality?
Has The Gap Closed Between Security Fiction And Security Reality?

Among its many uses and benefits, technology is a handy tool in the fantasy world of movie and television thrillers. We all know the scene: a vital plot point depends on having just the right super-duper gadget to locate a suspect or to get past a locked door. In movies and TV, face recognition is more a super power than a technical function. Video footage can be magically enhanced to provide a perfect image of a license plate number. We have all shaken our heads in disbelief, and yet, our industry’s technical capabilities are improving every day. Are we approaching a day when the “enhanced” view of technology in movies and TV is closer to the truth? We asked this week’s Expert Panel Roundtable: How much has the gap closed between the reality of security system capabilities and what you see on TV (or at the movies)?

BCDVideo Signs OEM Deal With Dell EMC: Positive Impact For Surveillance Storage
BCDVideo Signs OEM Deal With Dell EMC: Positive Impact For Surveillance Storage

In a significant move for the video security market, BCDVideo has announced that it is set to become Dell EMC’s OEM partner in the video surveillance space. For nearly a decade, the Chicago-based company has been known as a key OEM partner of Hewlett Packard Enterprise (HPE), providing storage and networking technology to security integrators on a global scale. This latest partnership will allow BCDVideo to take their offerings to the next level. BCDVideo Vice President Tom Larson spoke to SecurityInformed.com to discuss the reasoning behind the deal, and how the program will benefit partners, integrators, and end-users alike. Expanding BCDVideo's Product Offering For BCDVideo, the HPE OEM program has been widely acknowledged as a success, allowing the company to leverage a globally recognized brand and provide high-quality, reliable solutions across video networking and access control. Nevertheless, explains Larson, HPE server solutions are primarily suited to large-scale enterprise projects, and are therefore unable to accommodate for the growth in small- and medium-sized surveillance applications. The global collaboration with Dell EMC will allow BCDVideo to open up a broader product offering, building on success in the larger enterprise market to offer tailored solutions to SMEs. Our aim is to look at all best of breed technology to serve the video surveillance marketplace, and that means multiple partnerships” Support For Integrators By leveraging Dell EMC’s sophisticated digital storage platforms, BCDVideo will now be able to offer a more cost-effective solution to integrators, without sacrificing the resilience and IT-level service that BCDVideo is known for. With access to Dell EMC’s expansive global sales and technical teams, the company hopes to expand its reach, all-the-while providing partners with around-the-clock technical support and a five-year on-site warranty. Customers should be reassured that BCDVideo will continue to offer HPE platforms, service, and support. “Our aim is to look at all best-of-breed technology to serve the video surveillance marketplace, and that means multiple partnerships,” says Larson.  “The addition of Dell EMC to our portfolio is a major win for BCDVideo, for Dell EMC, and for our integrators.” The global collaboration with Dell EMC will allow BCDVideo to open up a broader product offering Meeting Surveillance Market Demands At the technology level, assures Larson, Dell EMC’s server offering is well suited to handle the increasing video resolution and growing camera count demanded by the surveillance industry. At the larger end of the spectrum, the company’s Isilon Scale-Out NAS solution can handle tens of petabytes of data, making it ideal for large-scale security applications such as city-wide surveillance and airport security. Dell EMC storage solutions are already proving successful at major international airports including Dubai and Abu Dhabi, each with a camera count in the 1000s.Dell EMC and BCDVideo together are ensuring our customers get the right solutions designed for the surveillance market” For Dell EMC, the new partnership means the ability to expand on this success in the enterprise market, leveraging BCDVideo’s surveillance expertise and high-level customer service to offer tailored solutions for lower-volume applications. Since its inception, BCDVideo has differentiated itself in the security space by providing a high level of IT service to integrators making the transition to IP systems. By combining resources, the partners will be able to service VMS and analytics companies, software vendors, and access control providers, as well as traditional business integrators. Ken Mills, General Manager Dell EMC Surveillance, explains: “Surveillance storage is not just about capacity, it is also about performance and reliability. Dell EMC and BCDVideo together are ensuring our customers get the right solutions designed for the surveillance market.” Accomodating For Growth BCDVideo is well placed to accommodate this anticipated growth. Last year, the company opened a new 51,000-square-foot global headquarters in Illinois, home to 90 separate stations within their Innovation Center where each system is customised according to integrator needs. The new facility allows for expanding business with new and existing partners in the security market.

How To Prepare For Active Shooter Incidents | Infographic
How To Prepare For Active Shooter Incidents | Infographic

This Active Shooter infographic summarises information about trends among active shooter incidents, and outlines how an organization can develop a plan before tragedy occurs, including:   Statistics on the numbers and types of recent active shooter incidents. A profile of common traits among active shooters. How to prepare beforehand, and what to do when the police arrive. How organizational planning ensures maximum preparedness. Pre-attack indicators to look for. Be sure to share this information with coworkers and managers. Awareness is key to preventing active shooter incidents, and to minimising their tragic consequences. When sharing this infographic on your website, please include attribution to  SecurityInformed.com More resources for active shooter preparedness: How hospitals can prepare for active shooter attacks Six steps to survive a mass shooting Technologies to manage emergency lockdowns  How robots can check for active shooters  Background checks to minimise insider threats Gunfire detection technologies for hospitals, retail and office buildings 21 ways to prevent workplace violence in your organisation Non-invasive security strategies for public spaces