The 25th of May 2018 the General Data Protection Regulation, GDPR, based on Regulation (EU) 2016/679 and superseding Directive 95/46 / EC became enforceable.
The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
The GDPR introduces a series of novelties, extends the previous regulations and emphasizes which obligations companies must comply with. With regards to the CCTV industry this for instance implies:
With physical devices (recorders, cameras) the person in charge is the end user; that being the company, the shopping center, the community of owners. Of certain functions in the cloud, such as the registration of cloud accounts or notifications, the responsibility may lie with the manufacturer or the cloud service provider.
It is mandatory to inform the responsible person about the purpose of the installation and the processing and handling of data. It also establishes the need to have an internal registry of data processing activities by those responsible.
The GDPR maintains the obligation to inform that an area is video-surveyed, identifying who is responsible and where the rights can be exercised by citizens. The current poster with the mention of where to exercise the rights is still valid, when adding the responsible and the rights.
Another very important point is the obligation to ensure that the data collected and stored are private and can only be accessed by authorized personnel, making it necessary for the recording systems to be located in a guarded or restricted area, where the monitoring screens cannot be seen or publicly transmitted.
The latter necessitates that the required measures for devices, cameras and video recorders are taken to guarantee such privacy, since the non-compliance can lead to important sanctions.
Manufacturers of CCTV devices, such as Hikvision, Dahua, X-Security or Safire have accommodated their services in the cloud to ensure compliance with new privacy requirements. Likewise, in order to help compliance with the new legislation to distributors, installers and the end customer brands distributed by Visiotech, such as Safire, X-Security and Nivian have incorporated and improved the security and privacy measures in the IP cameras and video recorders.
This includes functions that require the establishment of a secure password, eliminating the default ones, encrypted video streams, incorrect access blocking, granular security by access level, dynamic privacy masks, default views with configurable hidden channels, filters by IP, less secure functions such as SSH, SNMP or UPNP are disabled by default, including access to certain channels that require a second password, specific for those functions.
With all this we can ensure you that the video surveillance facilities will be even safer than before and above all complying with the new legislation to ensure the continued trust from the customers.