EU General Data Protection Regulation
GDPR compliance is mandatory for organizations that collect, control, store and process customers' personal information as part of their services and businesses. Articles 13, 14 and 15 are closely related to GDPR physical security compliance. These articles set out the conditions and restrictions for collecting, processing and transferring personal data, which rest on robust access control security.
Data collected through CCTV surveillance cameras, identity-based physical access data, biometric information and personal information have been fully governed by the GDPR since 25 May 2018.
According to an Ovum report, more than 70% of US companies operating in the European market face pressure to increase their budgets in order to achieve GDPR compliance in EU countries.
The report further finds that more than 85% of US-based companies consider themselves at a disadvantage due to the GDPR, including its access control compliance requirements.
The main points related to GDPR access control compliance include:
- A robust access restriction mechanism should be in place
- A robust privacy policy based on the GDPR data retention and sharing rules should be implemented
- Companies should integrate access control and identity management information to achieve GDPR data privacy compliance
- Video redaction should be used in public-facing CCTV monitoring systems to achieve GDPR access control compliance
- High-risk activities should be reduced to low-risk activities through anonymisation and pseudonymisation in all access control processes
Does Your Company Require GDPR Compliance?
All companies that collect, process, share or store data of natural persons living in European countries are required to comply with the GDPR. In addition, any company based in another country but operating in Europe is subject to this regulation.
How to Make Your Company Compliant with GDPR Physical Security Requirements?
The GDPR is still evolving, with many moving pieces. The restrictions on data protection, privacy, processing and data sharing have been devised, but no standard procedural guidelines are available yet. However, the following main points can help in getting your company compliant with the GDPR:
- Get help from lawyers to understand the regulation properly
- Categorize the high-risk and low-risk data that your company uses
- Find a roadmap to minimize the high-risk data
- Manage the critical data first and the low-risk data later
- Make a full assessment of the documents and security policies
- Repeat the process and make revisions if required
What to Check in a GDPR Compliant Company?
For a company claiming GDPR physical security compliance, check the following checklist items:
- Is a data controller appointed for data processing?
- Is a data protection officer available, as required by Article 37?
- Is a data retention duration policy in place?
- Has a privacy impact assessment (PIA) been done?
- Are the employees who handle personal data trained?
- Are policies and procedures in place?
- Does the company grant the owners of personal data the right to access it?
- Are all security measures, such as encryption and pseudonymisation, in place?
- Are other related measures, such as breach notification, data processing and international data transfer controls, in place?