GDPR Legislation

With the advent of the new General Data Protection Regulation (GDPR), individuals whose data is processed will have more rights. Stricter rules have therefore been set for organizations that process personal data: they must ensure that the privacy of the individuals whose data is processed is safeguarded. Camera and/or access control systems process personal data in many cases.

Download our GDPR Whitepaper

To get you started on bringing your security systems into compliance with the GDPR, we have developed a whitepaper. Download our AVG Whitepaper. If you still need assistance performing a Security Privacy Scan, please feel free to contact us.

Security systems process personal data

Video recordings for security purposes often include individuals who are recognizable in the images, which means personal data is being processed. Indeed, video footage is collected, sometimes stored (temporarily) and used for surveillance purposes. If your employees access your premises with an access card or tag, the access control system will record who was provided access and when. If this is done by name or traceable identification number, then it is also processing personal data.

GDPR: what does it mean for you?

To achieve GDPR compliance with your (existing or new) camera and/or access control system, you will need to take a number of steps. The main five are listed below.

  1. Conduct a Data Protection Impact Assessment (DPIA)
  2. Create and maintain records of processing activities
  3. Enter into processor agreements with processors
  4. Take technical and organizational measures to prevent privacy breach risks
  5. Register data breaches

Organizational and Technical Measures

According to the GDPR, you must take appropriate – risk-based – organizational and technical measures to protect personal data. For camera or access control systems, “hardening” is a commonly used measure. Consider having a sound password policy, using encryption for connections to and from the system(s), and having an active policy regarding software and firmware updates.

Organizational measures mainly have to do with timely communication and an authorization policy which regulates who may view and process log files and/or camera footage. It is advisable to include the protection of personal data as early as the design phase of a security system.

Security Privacy Scan

Existing security systems may require additional technical and organizational measures to ensure that only the data required for the specific purpose is processed. Mactwin can perform a quick scan for you to determine which additional measures are needed to comply with the GDPR.

Other GDPR services

Mactwin can support you in performing the aforementioned steps. Based on our experience, we have developed several organizational (BIESS) tools. For example, Mactwin can perform a Data Protection Impact Analysis (DPIA) for you upon request, and we offer our clients the following BIESS GDPR documents:

  • DPIA Template
  • Sample register of processing operations
  • Draft processor agreement

Ask our specialists your question

If you have questions about our security solutions, our staff are ready to help. They will gladly translate these solutions to your specific situation. So feel free to contact us!
