I have been talking about the European Union’s General Data Protection Regulation (GDPR) for almost two years. The regulation sets out a single set of rules for all companies operating in the EU. These rules were developed to provide people with greater control over their personal data and incentivize organizations to make meaningful changes to how they collect, process, and store that data. The GDPR is also the reason why you received so many emails last spring from sites that you visit and newsletters that you subscribe to asking you to update your information.
As part of a company with global operations, I have had the opportunity to see and support a wide variety of organizations as they grapple with security challenges on a large scale. One of the persistent challenges we’re facing in the 21st century is how to manage and make use of the ever-increasing amount of data being collected and stored within our security systems. Lately, a lot of my time has been spent with our European team out of our Paris office, getting ready for the European Union’s General Data Protection Regulation (GDPR). Developed to protect individual privacy, the GDPR sets out a series of specific regulations as well as strict fines for non-compliance for organizations that collect and process personally identifiable information (PII) from EU citizens.
Genetec is urging North American security directors to get ready for the European Union’s General Data Protection Regulation (GDPR). While the initiative is led by the European Union, the territorial scope of the GDPR is global. As of May 25, 2018, any business that is collecting or storing personally identifiable information (PII) of EU citizens (including surveillance video, cardholder information and activities tracked by an access control system, and license plate numbers captured by an automatic license plate recognition (ALPR) system) will be held accountable, regardless of where the organization is based.
On 6 July of this year, the Bavarian Data Protection Authority issued a brief guidance paper on video surveillance under the new European Union (EU) General Data Protection Regulation (“GDPR”). This short paper is the first issue within a series of non-binding guidance papers on selected topics in relation to the GDPR, which the Bavarian Data Protection Authority has planned to publish periodically. This is a significant step forward for EU countries to adopt a more uniformed approach to video surveillance retention policies.