With the growing complexity and intensity of cyber threats and attacks we’re seeing in the news, it’s no surprise that more and more regulations are being developed to protect personal data. And while these guidelines may seem to only pertain to the data and IT security sector, their implications for the physical security industry are significant.
The most notable set of rules put in place this year to address the safety of consumer information is the European Union’s General Data Protection Regulation (GDPR). It governs not only organizations located within the EU, but also those in the United States that “offer goods or services to, or monitor the behavior of, EU data subjects.”
The GDPR becomes relevant in the physical security industry when it comes to video surveillance and security management. Gathering data to protect people and assets is the key principle behind the purpose of video security cameras, but the GDPR enforces strict privacy and regulatory requirements, such as the use of video without consent, where the video is stored and the measures in place to protect the video.
It is therefore critical that manufacturers prioritize compliance across devices and integrators work to educate end users on the proper data protection protocols. This is especially true for those using or producing video management software, as the advancements in video analytics have allowed for increased data collection. And for auditing purposes, operators must be able to quickly locate recorded video through efficient and user friendly search functions.
Though regulations such as the GDPR primarily aim to ensure privacy and compliance, the second half of their goal addresses the increasing sophistication of cyber criminals and their ability to compromise the networks of enterprises. The GDPR creates guidelines for timely response and notification, but organizations can stay ahead of the game by practicing proactive security postures and embracing integrations.
These integrations must start internally: IT experts should be pulled into overall security, business continuity and resiliency decisions and positioned as collaborative partners to assist with software and infrastructure updates, data safety protocols and complex network challenges. And should a breach occur, these professionals can assist in the use of the proper reporting and mitigation techniques.
As we near the end of a year that marked a monumental shift toward a universal understanding of data protection and privacy, it’s become clear that legislation such as the GDPR will only become more common moving forward. The California Consumer Privacy Act (CCPA), incorporating the same concepts of the GDPR and signed into law in June, is a perfect example.
As the cyber risk landscape continues to evolve, every player in the security industry must prioritize complying to these guidelines and collaborating to ensure safety and security for customers, assets and brands.