June 2019 by
Privacy has become a worldwide concern as citizens worry about the safety of personal information stored in databases owned and controlled by private and public organizations.
Recent database hacks that compromised personal information about millions of people have only heightened that anxiety. Names, addresses, phone numbers, birthdates, passwords, and other sensitive information are sold on the Internet. Many people have lost faith in the way their data is collected and protected.
The European Union addressed these concerns with May 2018’s General Data Protection Regulation (GDPR) enforcement deadline. While GDPR is EU-centric, its impacts are global. All organizations must follow the regulations for controlling or processing personal data about any EU citizen.
GDPR places substantial constraints on what were largely uncontrolled data-collection practices. EU consumers can now protect their privacy and control how their data is collected and used by opting in, not out, of a company’s policies. An organization’s failure to comply can result in penalties of up to €20 million or 4 percent of a company’s annual global revenue, whichever is greater.
GDPR’s basic concepts are simple enough; citizens have a right to know the information being collected about them, understand how it is used, and be provided with a simple way to delete their data at any time.
GDPR defines personal data as any information related to an identifiable person. That might include a person’s name, home and email addresses, passwords, birthdate, driver’s license number, gender, race, political affiliations, and other categories, such as security-related data and video.
While the security industry was not the prime target of the regulations, GDPR limits how organizations use and collect video surveillance and access control data. The rules consider video to be the personal data of those seen in live or recorded images. Access control databases contain personal information about employees, as well as that of contractors and visitors who share information about themselves in exchange for a temporary pass.