We live in a connected world in which almost every aspect of our lives revolves around data. From online shopping and banking to social media posts, almost every service we use involves the collection and analysis of our personal data. Supplying our names, addresses, and credit card numbers over an internet connection has become commonplace, and most of us do not give it a second thought. Recently, the rise of passive video monitoring that captures and records faces, and also extracts personal metadata (age, race, gender), has become an important topic in the daily news cycle. All of this data that uniquely identifies an individual is collected, analyzed, and, perhaps most importantly, stored by organizations. The General Data Protection Regulation (GDPR) adopted by the European Union is designed to reflect the reality of the connected world, and outlines laws and obligations that govern the collection, processing, and use of personal data across Europe.
The central tenet of the GDPR is the right of the individual to control their own personal data. The GDPR states that the individual owns or possesses the data being collected by the Data Controller. Under the regulation, Data Controllers are responsible for assessing the level of risk posed by their data processing operations against the fundamental rights and freedoms of individuals and then modulating their data protection compliance accordingly.
Central to the GDPR is that data is processed lawfully, fairly, and in a transparent manner in relation to the data subject. The transparency of data processing means that data is collected for a specified, explicit, and legitimate purpose, and that the data is not further processed to extract information that goes beyond the intended purpose. In other words, the collection of personal data is limited to the intent of the original purpose (also called “data minimization”). The collected personal data must also be accurate and kept current, if applicable, while an agency that collects data must take every reasonable step to erase or rectify inaccurate personal data.
Intelligent Security Systems (ISS) offers guidelines for Data Controllers and Processors that utilize ISS solutions, to help them plan their specific strategy for complying with GDPR directives. These guidelines, however, are not a substitute for a complete and comprehensive review of Regulation (EU) 2016/679 (General Data Protection Regulation) in its current version.
Please refer to the link below to read the full ISS GDPR Compliance White Paper.