Getting ready to be GDPR-compliant

Getting ready to be GDPR-compliant
In response to the imminent implementation of the GDPR, some security companies, Genetec and Thales included, have developed solutions that would help organizations get ready for the new regulations. Genetec said that it can guide organizations toward GDPR compliance with both its on-premises and software-as-a-service (SaaS) solutions. On the other hand, Thales said that its data encryption and tokenization solutions would allow data controllers to streamline data protection operations and reduce overall security costs, making them comply with GDPR mandates.

According to its white paper titled “What the GDPR means for video surveillance,” Genetec said that to protect the rights of individuals enshrined in the GDPR, data controllers collecting data with video surveillance applications can encrypt the data, so that even if an unauthorized entity gains access to the data, it is not readable without the decryption key. Other effective measures that can help secure data are authentication, authorization, and password enforcement.

In particular, said the paper, a video surveillance system can ensure that the identity of individuals remains anonymous through permanent masking, which involves anonymizing individuals in video footage for good, dynamic anonymization, in which a software that monitors actions automatically anonymizes individuals in live and recorded video, and redaction, by hiding the identity of selected people in the video footage.

According to a Genetec blog post, Security Center, its unified security platform with connectivity to the cloud, blends IP security systems within a single interface to combine access control, video surveillance and automatic license plate recognition to communications, intrusion detection and analytics. Within Security Center, the KiwiVision Privacy Protector real-time video anonymization module has been re-certified with the European Privacy Seal (EuroPriSe), which certifies that IT products and IT-based services are GDPR-ready.

“KiwiVision Privacy Protector allows for originally plain video to be cryptographically encrypted and recorded in the background and then later decrypted by authorized personnel. Data controllers can apply Privacy Protector to only those cameras that are involved in high-risk processing and can choose the ideal level of anonymization for every situation. With only a few clicks, they can either pixelate, blur, or completely obscure individuals and objects in a camera’s field of view,” stated the Genetec white paper.

Stanislas de Maupeou, VP,
Strategy and Marketing for
Critical Information Systems and
Cybersecurity, Thales
According to Stanislas de Maupeou, VP of Strategy and Marketing for Critical Information Systems and Cybersecurity at Thales, the company paves its way to GDPR compliance by first establishing a strategy for its clients. “Thales analyzes the degree of GDPR maturity of companies: our experts will analyze their processes and with the help of specialized tools, create a data map to show where personal data is stored, processed and how it is flowing between information systems. We also provide an individual plan for each company, which contains a prioritized action list for roles and responsibilities, processes, a data protection policy and suggestions on how to integrate GDPR requirements into their existing information system,” he said.

Once initial GDPR compliance has been achieved, de Maupeou continued, there will be a full set of solutions and services to help data controllers remain compliant. Thales’s data protection products can detect and alert suspicious activities, allowing data controllers to intercept a data leakage attempt before it creates any damage, he said. Thales also offers a GDPR health-check service, a detailed analysis conducted by data protection professionals, that helps organizations determine whether they are ready for the GDPR and have the right resources in place.

Going into detail on Thales’s data protection solutions, de Maupeou said that by using the Vormetric file-based encryption, data controllers can render private data unintelligible to a cyber intruder even in the event of a breach, thereby avoiding the breach notification requirement outlined in Article 34 of the GDPR.

Product Adopted:
Share to:
Comments ( 0 )