Data Protection and Privacy

What is Data Protection and Privacy?

Data protection and privacy is the relationship between the collection and dissemination of data and public expectation of and rights to privacy.  The challenge of data protection and privacy is to collect and use data to deliver efficient services, while protecting an individual’s privacy preferences and their personally identifiable information (PII).

What is GDPR?

The General Data Protection Regulation (GDPR) is a regulation which governs data protection and privacy for all individuals within the European Union and European Free Trade Agreement (EFTA).  GDPR gives individuals control over their personal data and applies to businesses processing of personal data of individuals inside the EU and EFTA.

GDPR segments stakeholders in 3 main groups:

1. Data Subjects – People Being Recorded on Camera

GDPR has been created to regulate the privacy and the way personal data of European & EFTA residents and European Citizens is managed, worldwide. GDPR gives Data Subjects a number of rights. A few notable right are : the right to be forgotten, right of access by the data subject or the right to object.

2. Data Controllers – Operators of the Video Surveillance System

Data Controllers are the Video Surveillance End Users: Shopping Malls, Airport, Metros and other facilities with a Video Surveillance System.

Data Controllers are impacted the most by GDPR as the compliance burden falls on them. Compliance is critical as fine for non compliance are very high

3. Data Processors – Companies Handling Data of Data Subjects

Companies handling and/or processing personal data according to GDPR are defined as Data Processors. In general, Cloud/SaaS companies as well as some Systems Integrators (who are processing/handling personal data) are defined by GDPR as data processors. The GDPR compliance burden falls on Data Controllers, thus Data Processor and their products and solutions will never be GDPR compliant on their own. However, Data Processors products & solutions shall have all the right features, technologies and processes in place to enable Data Controllers to be GDPR compliant.

Broadly speaking, GDPR requires that personal data be: