The General Data Protection Regulation (GDPR) is a directive under European Union (EU) law regarding data protection and privacy for all individuals within the EU and the way in which that data is processed.
IDIS welcomes GDPR and respects privacy rights globally. Since cyber-attacks and data breaches have become more prevalent, it is no surprise that governments want to hold organisations more accountable.
The responsibility of securely processing and keeping information rests with IDIS customers, making it crucial for them to work with a surveillance manufacturer they can trust and one that will give them the best tools available to support compliance.
IDIS offers surveillance solutions that align with GDPR Article 32 covering the processing of data securely and Article 35 regarding the processing of data within technology. Specifically, IDIS technology helps prevent data theft and allows public and private spaces to stay secure while complying with privacy.
IDIS technologies such as Privacy Masking and Critical Failover cannot themselves be GDPR compliant. However, right from the design and development phase, IDIS now considers how products and solutions can assist organisations in deploying and operating GDPR compliant systems.
IDIS Privacy Masking technology allows customers to mask people in high-traffic areas such as shops or offices as well as areas they want to remain confidential. This feature supports customers when providing video evidence. The way in which IDIS applies this technology means that the original video footage is not manipulated or changed. Further, the IDIS proprietary technology, Chained Fingerprint, allows users to detect any sign of tampering or alteration, so users are assured of the integrity of surveillance data itself in order to provide video evidence that is robust enough to stand up in court. Our Privacy Masking also supports requests for information as they arise.
In addition, IDIS Critical Failover also ensures there will never be a gap in footage. Break ins to buildings not only puts physical assets at risk, but digital property that may contain sensitive and personal information. Critical Failover prevents the loss of vital recorded data during an array of fault conditions, ranging from network instability to power supply failure. This means an organisation’s data protection officer can quickly verify and report any breach no later than the 72 hours as prescribed in GDPR Article 33.
GDPR cites that surveillance footage should only be stored for a length of time that is appropriate to the application. By using the IDIS storage quota functionality, customers can set different retention times for a camera or groups of cameras. For instance, a retail outlet may need to retain footage of financial transactions for a period of 90 days, while for more general areas of a store one to two weeks could be sufficient.
One of IDIS’s strengths is our focus on network security. For many years we have encouraged our customers to keep their surveillance solution separate from their corporate network, since every device connected to that network is a potential gateway to sensitive data.
IDIS uses end-to-end data and communication encryption from video capture through to transfer to our recorders or servers. Whether its DirectIP® or an enterprise solution encompassing servers, we have embedded proprietary protocols that are not familiar to hackers.
Our NVRs also force installers to implement a password that is encrypted, while two-factor authentication is also recommended. Importantly, at no point thereafter can IDIS access an NVR or sever, even if in the event of a lost password. This dispels the common fear of ‘back doors’ that blatantly put video data at risk.
Many breaches are a result of human error by failing to enforce best practice, particularly when installing large systems that require hundreds of device passwords that for convenience and speed are often saved in vulnerable spreadsheets residing on unencrypted PC hard drives. IDIS has been at the vanguard of true plug-and-play technology meaning zero configuration that eliminates the need for installers to manage every device with a corresponding password. We call this ‘manageable complexity’.
IDIS training programs also help installers and end users make informative decisions with regards to implementing surveillance systems. Our technical teams give recommendations on the placement of cameras, advice on the retention of footage appropriate to the application and cover the importance of enforcing network security best practices.
For more information on privacy and IDIS technology, please contact us by clicking here.