How EU GDPR affect the security industry?

A few days ago, the global network social giant Facebook user privacy data disclosure issues have been noisy, and thus sparked public debate on privacy protection issues. Of course, all over the world, including video monitoring of the physical security system has also become one of the focus of discussion, today I share with you how foreign big players are the privacy issues and GDPR (General Data Protection Law) on the entity security system impact.
In today’s increasingly data-driven society, attention to privacy may be a perennial topic in the future. Recent news headlines about how Facebook and other High-tech companies use and share data, while new EU regulations will start to be launched globally.
As of May 25, all companies in the world will have to comply with the new stricter consumer data protection rules, the General Data Protection Act (GDPR), as long as they collect user data from EU citizens. But how does the new law and the broader focus on privacy affect the physical security market? Therefore, we held expert panel discussions on issues of privacy and how regulations such as GDPR affect the entity security industry and how to respond.

Peter Strom——President & CEO, March Networks Corporation

GDPR will have a far-reaching impact on the design and management of security systems. Because of this, a lot of investment has been made in the development of complex analysis systems such as capturing personal activities, identification and user-related data and trading activities. GDPR specifically restricts the capture and use of personal data from EU residents, which is directly in conflict with the use of artificial intelligence (AI) platforms to track individual activity.

Designing solutions that have access to valuable information for security or business intelligence, and keeping this information anonymous, will be a challenge for manufacturers in the future. Using smart masks, customizable retention, data encryption, and protection will be the standard for the future. Companies that do not comply with the rules for collecting and using civic data will face huge fines, and we hope that more end users are putting more pressure on their manufacturers to keep their systems under legal control.

Steve Birkmeier——Vice President of Sales, Arteco Vision Systems (Arteco, Inc.)

such as the European Union “general Data Protection Law” (GDPR) in the form of legislation to standardize the operation and management of the entity security system, more than let people pay attention to privacy protection issues appear more important. These provisions are designed to protect the personal data and privacy of citizens and consumers, which is of great relevance to the entity security agencies that store and use video surveillance for private or public monitoring. GDPR focuses on performing proper reporting and mitigation techniques in the event of a network attack or violation, emphasizing the importance of manufacturer responsibility and the integration of the entity and IT security teams to ensure that the rules are kept in place. GDPR will mainly affect global enterprises, American companies must pay attention to how they affect their business, and can learn from and apply the best practical experience to improve the overall security of the system

John Davies——Managing Director, TDSi

This is a potentially complex situation. When using access control systems, personal data may be required, but to ensure the privacy of others, anonymous processing of user information may be required when associated with a third party. For example, according to GDPR, anyone who has been photographed by a video surveillance system has the right to copy their own information from the video. However, the identity information of anyone else appearing in the video at the same time requires privacy protection when sharing. Investment investment can achieve privacy protection automated technologies (such as using video editing to blur the faces of others) can help businesses comply with new GDPR regulations efficiently and without loss. This translates the data into a lower-risk category, allowing the operator to view what is happening in the video recording without affecting anyone’s privacy.

Joe Oliveri——Vice President and General Manager, Johnson Controls, Inc.

As the deadline for the implementation of the May 25 GDPR regulations is imminent, business operators must proactively strengthen and improve the transparency and controllability of collecting large amounts of data through video surveillance, access control and other entity security systems. It is the responsibility of the system owner to ensure that the deployed system complies with the GDPR requirements and that specific measures are specified to ensure data acquisition, utilization and maintenance. It is critical to evaluate existing systems and to communicate with system integrators about which systems need to be upgraded, or to collect data in accordance with the new regulations. Physical security helps prevent unauthorized access to data, but companies must take appropriate technical and regulatory measures to fully comply with the new rules.

Jumbi Edulbehram——Regional President, Americas, Oncam

Physical security systems, such as video surveillance systems, collect video data to protect the security of people and assets. Today, many companies keep these data for a period of time to serve as forensic evidence or to manage certain industry-specific rules, such as casinos and betting. As the “data controller” mentioned in the GDPR regulation, it is the user of the security system who is responsible for strict privacy protection regulations. such as unauthorized use of data, location of data storage, and the necessary protection of video data, and so on. If the target data (the people in the video) can be clearly identified, it is important to protect their privacy very strictly. At the same time, although the primary responsibility of the end-user of the system is to protect user’s privacy, the manufacturer, especially the cloud provider, must obey the regulations.

Kim Loy——Director of Marketing, Vanderbilt Industries & Former ONVIF Steering Committee Member, Vanderbilt Industries

While the EU implements GDPR, American companies can learn a lot from enforcing regulations that protect data privacy. In addition, it is vital that American companies comply with the rules governing how to collect and share data on EU citizens. When an enterprise implements physical security systems such as access control, it collects and analyzes many personal information for various purposes. While most of the data that is shared is controlled and used by the system enterprise, integrators and even manufacturers are likely to get the data, just as some companies do with data hosting cloud servers. As a result, manufacturers need to be aware of the functionality of their products and enable end-user enterprises to easily simplify data sharing and privacy regulations.

Bud Broomhead——CEO, Viakoo

Privacy laws (such as GDPR) are cases where the physical security system and the data stored therein are keeping up with the increasing number of key business compliance and auditing standards. For video surveillance and access control, one of the main requirements of GDPR is the ability to keep track of system performance and ensure it is protected from cyber attacks. To achieve this, a consistent management process is required and is supported to automate and document these processes. Whether it’s GDPR or any other standard, the carriers of today’s physical security systems must be able to demonstrate control of their systems, while using automated service assurance solutions to ensure that failures are quickly detected and repaired, and documented, the day is fast approaching. The use of system-level rather than device-level methods to ensure that the physical security of the GDPR is one of the positive instructions issued to the industry.

Simon Bishop——Director, GDPR Systems

Due to the development of it technology, the physical security market has changed a lot in recent years, and network security has become a common term. In many cases, after the installation of the closed-circuit video surveillance System, many people forget to change the password, and rightly think the system is safe (NVR often directly in the corner), such as GDPR, such as the Legislative Council makes these systems uncomfortable. In the IT world, when users encounter physical security issues, they often ask, “what type of encryption is used?” “or” What password protection policy is taken? “And so on. This means that the manufacturer must assume responsibility for providing the appropriate security products, including, of course, product encryption measures! Integrators, installers, and manufacturers must educate end users about the latest data protection measures.

Tim Palmquist——VP Americas, Milestone Systems

There is no security factor that can exist independently. Security, even a “fair” entity security system, has many aspects to consider in the modern business environment. Security products in its application and follow-up operations, not only to protect the property and personnel safety, but also to ensure that the system and the product itself security. Rules like GDPR have brought a new century to the evolving topic of privacy protection, although GDPR requirements are new, but they are only built on existing issues such as data integrity, service continuity, and risk of business reputation. To sum up, the considerations of successful installation and continuous management become more comprehensive and necessary. System-dependent management has never been so important, with experienced and powerful systems integrators facing better opportunities.

GDPR requirements may depend largely on the end user community, but as the Expert Group emphasizes, integrators and manufacturers will also experience this impact. For integrators and manufacturers, especially the data stored in the cloud is more closely related to the GDPR. In addition, smarter integrators and manufacturers should be aware that addressing customer challenges is the best way to achieve business success, despite the difficulties and challenges of protecting user privacy and keeping up with stringent new rules. Fortunately, our security industry has responded to network security needs and is closely related to privacy protection and GDPR regulations.