What is GDPR?

The EU General Data Protection Regulation (GDPR) came into effect on the 25th May 2018.

The aim of the GDPR is to protect all EU citizens from privacy and data breaches in today’s data-driven world. The reforms are designed to reflect the world we’re living in now, bringing in new rules around personal data, privacy and consent. GDPR applies to any organisation operating within the EU, as well as any organisations outside of the EU which offer goods or services to customers or businesses in the EU.

Why is it important?

Much of the GDPR (and UK GDPR in the UK) is similar to the Data Protection Act (1998), applying to personal data but with a broader definition. All data that can be deemed to identify someone is classed as personal data. This includes everything from genetic and economic information to images of people and dates of birth. Any business that uses CCTV or biometrics must comply with GDPR as both of these systems capture personal data.

Regulatory fines for non-compliance with GDPR regulations are much higher than under the Data Protection Act (1998) which preceded it. The GDPR introduced “effective, proportionate and dissuasive” administrative fines of up to 4% of annual global turnover or €20 million – whichever is greater. The Information Commissioner's Office (ICO) takes data breaches seriously and will issue fines no matter how small the business.

What does it mean to you as a customer?

All businesses processing personal data – information that relates to an identified or identifiable individual – must be GDPR compliant. A key component of the GDPR regulations is the set of rules regarding responsibility for controllers and processors of data:

A CONTROLLER is a person or legal entity that determines the purposes and means of the processing of personal data. Their key responsibility is to be accountable. To all intents and purposes this normally falls to the owner or MD of a business.

A PROCESSOR is a person or legal entity that processes personal data on behalf of the controller. Their key responsibility is to ensure that any conditions specified in a Data Processing Agreement are met and that obligations stated in GDPR are complied with.

Most businesses will be both controller and processor of personal data when it comes to security. Additional processors may be involved if you outsource processes which involve personal data, for example if your CCTV cameras are monitored.

How can we help?

We are able to support our customers with all aspects of GDPR and UK GDPR in relation to security, CCTV, monitoring and biometric access. We offer our customers information, site security audits, privacy impact assessment templates and advice on the steps needed to comply with GDPR.

We are experts in the field of security solutions throughout a wide range of sectors including retail, hospitality, leisure, transport and logistics, manufacturing, education, childcare and care homes. Let us help you with your GDPR compliance when it comes to physical security. Contact us today for a no-obligation chat.