News of cyberattacks seems constant these days. Recently, Equifax, a US-based consumer credit reporting agency, announced that a private customer data breach impacted 143 million people. Earlier this year, 1.5 million connected cameras around the world were hijacked in an unprecedented DDoS attack.

As cyber-attacks become more rampant, it’s hardly surprising that governments are stepping in to hold organizations more accountable. One of the most recent examples of this is the European Union’s General Data Protection Regulation (GDPR) which is set to come into effect on May 25, 2018.

New GDPR Legislation Mandates

Essentially, the GDPR mandates that businesses adhere to specific governance and accountability standards in the processing and protection of data. A big focus of this new legislation is that individuals have greater control over their personal data. Contrary to legislations in the United States, the personal data captured by organizations will remain the property of each EU citizen, entitling them to access their own data and have greater decision power over how it is used or distributed.

Should a breach occur, companies are mandated to report it to the supervisory authority within 72 hours. Failure to comply with these new regulations could result in up to $20 million euros in penalties, or 4% of the company’s global annual turnover.

Territorial Scope Of GDPR

So why should North American companies and security directors be concerned? The territorial scope of the GDPR is global. Any business that is collecting or storing personally identifiable information (PII) of EU citizens will be held accountable, regardless of where the organization is based or operating from. This includes any business collecting information from EU residents, or organizations with offices, stores, warehouses or employees in the EU.

With the deadline nearing, these North American organizations are seeking strategies that will keep them compliant across all their data collection processes. With a focus on physical security sensors and solutions, below are five steps that North American companies can start taking to become GDPR-compliant.

Step 1: Conduct A Data Risk Assessment

To better understand the implications of the GDPR, an organization must fully assess the level of risk that its data processing operations pose to the rights of EU citizens. A business should map out how data is collected, where it is stored, how long it is kept, and who has access to it. Identifying and categorising the various types of data is also critical to this evaluation. That’s because according to the GDPR, there is a clear distinction between the high, medium and low-risk data.

Companies should add varied lines of defence such as encryption, multi-layer authentication and authorisation
Through authorization, organizations can define how specific users or groups can use the security system

For instance, data derived from a video surveillance system that shows who a person is and where they are is considered high-risk. This could be a retailer that is monitoring video of people coming into its stores or an EU subsidiary office that is recording publicly-facing video footage.

Step 2: Hire A Data Protection Officer

In cases of high-risk data processing, organizations may need to appoint a data protection officer (DPO). This person must be independent of any IT, risk or VP-level functions and will be responsible for monitoring the organization’s compliance with respect to their GDPR obligations. The DPO will act as the main point of contact for all communications with the GDPR supervisory body. This means that at any point in time, the DPO should also be able to show the steps taken by the organization to protect any collected information.

Step 3: Implement Privacy By Design

The GDPR mandates that businesses with ‘high-risk data operations’ implement systems that protect privacy and secure data by default. It is therefore critical for these organizations to start talking to system integrators and suppliers about what they can do to harden their systems. After all, cyber security should be a shared responsibility. Organizations should work with partners and vendors to better understand cyber security risks and streamline internal processes such as outlining who has access to the data and identifying why and how long it should be kept.

With this understanding, companies can justify adding varied lines of defense such as encryption, multi-layer authentication and authorization. For instance, through authentication, organizations can determine if an entity—user, server, or client app—is who it claims to be, and then verify if and how that entity is allowed to access a system. Through authorization, organizations can define how specific users or groups can use the security system.

Finally, encryption protects an organization’s information and data by using an algorithm to make text indecipherable. From device to client application, these security measures help organizations safeguard against cyber threats and unauthorized access.

Step 4: Address Data Transparency

At any point in time, an EU citizen has the right to request a copy of information pertaining to them from an organization. Upon receiving this request, the company would be required to securely and remotely share video and data files with the individual. A problem could surface if other individuals are visible in this footage. Security solutions that not only facilitate information sharing but also protect privacy can help companies quickly adapt to these new laws.

Video redaction capabilities can blur out people's faces in video
Blurring out faces transfers high-risk data to the low-risk category, allowing organizations to monitor or share video while still protecting privacy

One example is having video redaction capabilities to blur out people’s faces in video. This feature transfers high-risk data to the low-risk category, allowing organizations to monitor or share video while still protecting privacy. Companies will also need to provide greater transparency by making points of contact accessible and clearly outlining data management policies.

Step 5: Engage Data Processors

According to the GDPR, any company that collects and controls private information is a Data Controller. To properly manage the collected data, companies may choose to outsource some of the responsibility to service providers, known as Data Processors.

For instance, a retailer could decide to implement a Video-Surveillance-as-a-Service (VSaaS) solution. Some advanced VSaaS providers offer numerous logs and, more importantly, strong reporting platforms that can help Data Controllers and DPOs monitor the state of their video surveillance systems. In some capacity, Data Processors are equally responsible for adhering to laws.

Considering the failure to report a breach in 72 hours could result in massive penalties, implementing a VSaaS is a great way to stay on top of potential breaches and decrease compliance upgrade costs. However, it is not a full transfer of risk. The retailer would still be responsible for issuing and managing system access privileges, ensuring password choices are robust, and essentially, limiting data to those who can view or extract it.

Counteracting Emerging Threats Through GDPR Compliance

With heavy fines looming, it is imperative that North American businesses collecting or processing any EU citizen data begin working on GDPR compliance immediately. Those filming in high-trafficked public spaces are at an even greater risk of penalty if compliance has been ignored.

Starting with a comprehensive risk assessment, hiring a qualified DPO, upgrading technology with built-in privacy and security mechanisms, and in some cases, working with data processors can help North American businesses get on track to full GDPR compliance. Regardless of these new laws, these practices will ultimately benefit the organization as a whole, as new threats emerge globally.

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version Download PDF version

Author profile

In case you missed it

New Markets For AI-Powered Smart Cameras In 2021
New Markets For AI-Powered Smart Cameras In 2021

Organizations faced a number of unforeseen challenges in nearly every business sector throughout 2020 – and continuing into 2021. Until now, businesses have been on the defensive, reacting to the shifting workforce and economic conditions, however, COVID-19 proved to be a catalyst for some to accelerate their long-term technology and digitalization plans. This is now giving decision-makers the chance to take a proactive approach to mitigate current and post-pandemic risks. These long-term technology solutions can be used for today’s new world of social distancing and face mask policies and flexibly repurposed for tomorrow’s renewed focus on efficiency and business optimization. For many, this emphasis on optimization will likely be precipitated by not only the resulting economic impacts of the pandemic but also the growing sophistication and maturity of technologies such as Artificial Intelligence (AI) and Machine Learning (ML), technologies that are coming of age just when they seem to be needed the most.COVID-19 proved to be a catalyst for some to accelerate their long-term technology and digitalization plans Combined with today’s cutting-edge computer vision capabilities, AI and ML have produced smart cameras that have enabled organizations to more easily implement and comply with new health and safety requirements. Smart cameras equipped with AI-enabled intelligent video analytic applications can also be used in a variety of use cases that take into account traditional security applications, as well as business or operational optimization, uses – all on a single camera. As the applications for video analytics become more and more mainstream - providing valuable insights to a variety of industries - 2021 will be a year to explore new areas of use for AI-powered cameras. Optimizing production workflows and product quality in agriculture Surveillance and monitoring technologies are offering value to industries such as agriculture by providing a cost-effective solution for monitoring of crops, business assets and optimizing production processes. As many in the agriculture sector seek to find new technologies to assist in reducing energy usage, as well as reduce the environmental strain of modern farming, they can find an unusual ally in smart surveillance. Some niche farming organizations are already implementing AI solutions to monitor crops for peak production freshness in order to reduce waste and increase product quality.  For users who face environmental threats, such as mold, parasites, or other insects, smart surveillance monitoring can assist in the early identification of these pests and notify proper personnel before damage has occurred. They can also monitor vast amounts of livestock in fields to ensure safety from predators or to identify if an animal is injured. Using video monitoring in the growing environment as well as along the supply chain can also prove valuable to large-scale agriculture production. Applications can track and manage inventory in real-time, improving knowledge of high-demand items and allowing for better supply chain planning, further reducing potential spoilage. Efficient monitoring in manufacturing and logistics New challenges have arisen in the transportation and logistics sector, with the industry experiencing global growth. While security and operational requirements are changing, smart surveillance offers an entirely new way to monitor and control the physical side of logistics, correcting problems that often go undetected by the human eye, but have a significant impact on the overall customer experience. Smart surveillance offers an entirely new way to monitor and control the physical side of logistics, correcting problems that often go undetected by the human eye. Video analytics can assist logistic service providers in successfully delivering the correct product to the right location and customer in its original condition, which normally requires the supply chain to be both secure and ultra-efficient. The latest camera technology and intelligent software algorithms can analyze footage directly on the camera – detecting a damaged package at the loading dock before it is loaded onto a truck for delivery. When shipments come in, smart cameras can also alert drivers of empty loading bays available for offloading or alert facility staff of potential blockages or hazards for incoming and outgoing vehicles that could delay delivery schedules planned down to the minute. For monitoring and detecting specific vehicles, computer vision in combination with video analysis enables security cameras to streamline access control measures with license plate recognition. Smart cameras equipped with this technology can identify incoming and outgoing trucks - ensuring that only authorized vehicles gain access to transfer points or warehouses. Enhance regulatory safety measures in industrial settings  Smart surveillance and AI-enabled applications can be used to ensure compliance with organizational or regulatory safety measures in industrial environments. Object detection apps can identify if employees are wearing proper safety gear, such as facial coverings, hard hats, or lifting belts. Similar to the prevention of break-ins and theft, cameras equipped with behavior detection can help to automatically recognize accidents at an early stage. For example, if a worker falls to the ground or is hit by a falling object, the system recognizes this as unusual behavior and reports it immediately. Going beyond employee safety is the ability to use this technology for vital preventative maintenance on machinery and structures. A camera can identify potential safety hazards, such as a loose cable causing sparks, potential wiring hazards, or even detect defects in raw materials. Other more subtle changes, such as gradual structural shifts/crack or increases in vibrations – ones that would take the human eye months or years to discover – are detectable by smart cameras trained to detect the first signs of mechanical deterioration that could potentially pose a physical safety risk to people or assets. Early recognition of fire and smoke is another use case where industrial decision-makers can find value. Conventional fire alarms are often difficult to properly mount in buildings or outdoor spaces and they require a lot of maintenance. Smart security cameras can be deployed in difficult or hard-to-reach areas. When equipped with fire detection applications, they can trigger notification far earlier than a conventional fire alarm – as well as reduce false alarms by distinguishing between smoke, fog, or other objects that trigger false alarms. By digitizing analog environments, whether a smoke detector or an analog pressure gauge, decision-makers will have access to a wealth of data for analysis that will enable them to optimize highly technical processes along different stages of manufacturing - as well as ensure employee safety and security of industrial assets and resources. Looking forward to the future of smart surveillance With the rise of automation in all three of these markets, from intelligent shelving systems in warehouses to autonomous-driving trucks, object detection for security threats, and the use of AI in monitoring agricultural crops and livestock, the overall demand for computer vision and video analytics will continue to grow. That is why now is the best time for decision-makers across a number of industries to examine their current infrastructure and determine if they are ready to make an investment in a sustainable, multi-use, and long-term security and business optimization solution.

How Technology Can Elevate Guest Services And Their Security
How Technology Can Elevate Guest Services And Their Security

The return to the workplace is a focal point for many in the built environment but one of the most important elements is easy to overlook. Guest services will be vital in the return to the workplace. Front-of-house teams will be responsible for welcoming building users back and reassuring them as they negotiate shared spaces in the post-Covid era. The workplace will inevitably look different after Covid. We have become more aware of our spaces, how clean they are, and what spaces building users share. Employees have also become more conscious of the pros and cons of the workplace. For some, a year of working from home has been a welcome break from the stress and time taken by a commute. Many organizations are considering moving to hybrid workplace approaches, downsizing their corporate real estate portfolio, and using shared spaces more consciously, be that for focussed quiet work or collaboration. We will also see heightened care in workplace cleaning and more data-led solutions. Front-of-house teams will be at the center of helping building users get used to these changes. The role of technology Front-of-house personnel will likely be responsible for ensuring buildings do not exceed safe occupancy levels and will be aided by visitor management systems.  Another change to look out for in the workplace will be the use of technology. Tech-led organizations have long reminded us that gut instinct and trusting our senses is not enough anymore, but Covid-19 has forced us to come to terms with this. Now that adopting technology has become crucial in cleaning, we will see a reticence to adopt it elsewhere fade too. A survey from McKinsey suggests that the pandemic has accelerated the adoption of technologies by several years. Why is this important for guest services? Much like other workplace changes, new technologies will alter how building users interact with their environment. Tech will also enable front-of-house teams to focus on the key ingredient of their role – human interaction. This will be vital in helping occupants feel comfortable, safe, and happy. Occupancy and visitor management systems These systems have been around in the workplace for many years, and pre-Covid were used to help us maximize our space and utilization. These systems are even more important as we are likely to see some return to the workplace before everyone has been vaccinated. We may see systems that contact only those occupants in an affected area of a building, rather than a whole workforce, to limit worry and ensure most people can remain confident in the hygiene of their workspace. For the rest of 2021 at least, precautions such as social distancing will need to be in place. Workplaces will continue to function at limited occupancy for some time to keep people safe. Front-of-house personnel will likely be responsible for ensuring buildings do not exceed safe occupancy levels and will be aided by visitor management systems. These may be used by individual organizations or by multi-tenanted buildings. Temperature checks and identity verification systems Organizations are mitigating risks where possible. Handheld digital thermometers have been in high demand. The use of such devices has reshaped the role of security officers over the past year. Officers have become familiar faces in shops and shared spaces, keeping people safe and acting as the first point of contact. The security sector has been placed under immense pressure, balancing the need to enforce precautions with responding to stressed building users in an empathetic way. Officers have demonstrated agility that security technology cannot replace. Post-pandemic, we will likely see a greater appreciation for what manned guarding can offer and a greater potential for officers in front of house roles. Front-of-House staff are becoming responsible for temperature verification. Some organizations may choose to increase the collaboration between their front-of-house and security teams. This could include implementing identity verification systems, as well as touchless systems. This will allow the focus of front-of-house teams to remain on the people and giving a warm welcome to users as they return to the office. Using monitoring to make guest services more available  Monitoring solutions may be the first things that come to mind when discussing security technology. We have seen an increasing trend toward integrating remote monitoring with manned guarding since before the pandemic. Such a move may be even more important now.Beyond keeping employees safe, guest services are going to play a central role in making the workplace an attractive option. For many organizations, the pandemic has forced a rapid switch in focus. Organizations have had to face the security challenges of caring for vacant premises and the additional complications of managing cybersecurity for remote work. Rebalancing the cost and focus of security may feel as though it has left some businesses without the capacity to utilize front-of-house officers. Yet when employees return to the workplace, front-of-house teams will be more important than ever. For those that did not do so during the pandemic, now is the time to be investing in effective monitoring solutions. The falling cost of technology means such a solution can be combined with manned guarding and front-of-house roles. Organizations may need to invest in fewer officers, but their roles can be more focused upon the occupant experience. Encouraging employees back Beyond keeping employees safe, guest services are going to play a central role in making the workplace an attractive option. Remote working has had both pros and cons but many of those downsides will be diminished with the end of the pandemic. Loneliness will no longer be such a challenge when seeing friends and neighbours is an option, and the return of children and partners to school and work will relieve distractions. It may be tempting, then, for many employees to continue working from home. As a result, many opportunities for collaborative work will be lost. For employers looking to encourage their workforce to return, creating an amazing workplace experience is key. Technology alone can’t offer this. Rather, too much tech could create an environment that feels clinical and impersonal. Use technology to streamline the boring or stressful elements of the workplace and invest in friendly faces who will welcome your workforce back.

What are the Security Challenges of Protecting the Cannabis Industry?
What are the Security Challenges of Protecting the Cannabis Industry?

The advent of a truly new market for the physical security industry is a rare occurrence. Particularly rare is a new market that is both fast-growing and provides an environment that is not just conducive to application of physical security technologies but that actually demands it. Such is the case with the market for legalized marijuana. We asked this week’s Expert Panel Roundtable: What are the security challenges of protecting the cannabis industry?