By AMAG Technology, Vice President of Products and Partner Programs, Dave Ella
Organizations using AMAG’s Symmetry Security Systems throughout the European Union [EU] are preparing for the new General Data Protection Regulations (GDPR) which take effect from May 2018. GDPR will require organizations who control or process personal data from EU residents to obtain consent from employees, visitors and contractors for data stored in physical access control systems. Organizations will need to define why the data is needed and when it will be removed. The new regulations reflect the cloud hosted nature of many current information systems, but also have implications for on premise installations which are typical of security systems. Fines for non-compliance are steep – up to 4% of annual global revenue – so these are regulations which organizations must take seriously.
Multi-national organizations with a single access control system spanning North America and Europe will potentially be affected by the new regulations, as a database held on premise by an organization in North America will be subject to the new regulations in the same way. If a third party organization such as a security integrator is either hosting the server or managing it on a day to day basis, there are potential implications for that third party, even if they are not situated in the EU.
Access control systems are capable of holding extensive levels of personal data and as with previous regulation, organizations need to ensure that the data held is relevant and justifiable. It is easy for an organization to import data from an HR system which is not directly necessary to the specific security application. Retention periods, particularly for former employees, contractors and visitor’s personal data, also need to be considered.
An important new aspect of the GDPR regulation includes data from which a person’s location can be calculated. While this is presumably targeted at web applications which track cell phone location, physical access control systems do hold data related to who has gone where and when, so the responsible parties within an organization need to take this into account. As with any new regulation, it is unclear how this will be interpreted in a real-world scenario.
GDPR broadens the definition of ‘personal data’ to mean anything that could identity a person. For example, an email address, home address, job title or type of car one drives. Other identifiers could include gender, political views, biometric information and personal interests.
There is a strong link between GDPR and cyber security since security of the data being held is understandably seen of great importance under the regulations. It is important that AMAG customers have hardened their system using IT best practices and considered using the encryption mechanisms within the Symmetry system.
With web based applications in mind, the regulations now insist that people explicitly agree for their personal data to be held by a system – typically by proactively ticking a box in a sign-up screen which must be empty by default. How that will be interpreted for the systems of organizations which require to hold personal data such as HR and payroll systems – and security systems – is not yet totally clear, and statements in employee terms and conditions of employment may still be sufficient. Visitor Management systems need to be considered too, as some personal data of visitors either in a Symmetry database or as video will also normally be held.
Video Management Systems, and the retention periods for storage of video data fall under the GDPR regulations as well. As with all personal data recorded by business systems, as long as there is a genuine need for the data to be held for a given length of time, and the systems have been considered and recorded by the organization’s data protection officer in line with the new regulations, there should be no major implication for the Symmetry user in terms of the continuation of their physical security arrangements.
AMAG certified resellers with customer sites in Europe, and security managers in Europe should familiarize themselves with the new regulations and co-ordinate with each organization’s data protection team to ensure that their activities are fully compliant.
To learn more visit: http://www.eugdpr.org/
Coming off another successful ASIS and heading full speed into the fourth quarter of 2015, it’s been a year full of exciting adventures. First we launched our new video product, Symmetry CompleteView, to bring our customers a superior video management product line, and now we’ve introduced Symmetry CONNECT™, our policy-based identity, access management and visitor management cloud-based software solution.
We are also excited to launch our newly designed website and logo. Our three offices, Torrance, Burlington and Tewkesbury, UK are now all known as AMAG Technology, a G4S company, and our new logo and website reflect the coming together of the three offices to provide unification across our global company. The newly designed website demonstrates our company alignment and globalization of our operations with G4S. We are thrilled to offer our customers streamlined communications, combined resources and around the clock support.
At the heart of everything we do, is you, our customer. The products and solutions we offer are developed because you have a security need. Our new Symmetry EN-1DBC+ access control panel provides an edge network solution that can use Power over Ethernet, if available. This cost effective controller secures one door, but can easily grow to two doors with the addition of a low-cost snap-on module.
Got Casi? Our Symmetry SR Controllers are a state-of-the-art access control system and can help migrate a customer from an obsolete Casi Rusco platform to a new Symmetry solution quickly, easily, at a low cost and with low risk. When combined with Symmetry CompleteView Video Management and Symmetry Power Protect NVR (available in the USA and Canada only), it delivers a powerful security management system for users of any size and market. This is the best solution on the market for those converting from an old Picture Perfect or Secure Perfect Casi system and we have the references to prove it!
But what I am really excited about is our new Symmetry CONNECT software. Symmetry CONNECT manages a companies’ operational needs. Symmetry CONNECT automates how organizations can manage visitors, employees and contractors. By automating processes, a company reduces manual errors and implements sustainable policies to operate more efficiently. Organizations can be certain the right people have access to the right areas at the right times.
Symmetry CONNECT nicely rounds out our product line and positions AMAG as a true technology leader in the security industry. AMAG Technology offers Symmetry Access Control for access, alarm and event monitoring and it contains a workflow engine, Symmetry CompleteView VMS for situational awareness and video management, and now Symmetry CONNECT for credential authentication, helping meet compliance requirements and visitor management to help companies operationalize and streamline their business. AMAG offers you everything you need to efficiently and effectively secure and protect your buildings, employees, visitors and assets. And you can get this robust solution for a fraction of the cost of our competitors.
It’s been another busy year working to provide the best products, services and solutions to our customers. With Symmetry, CompleteView and CONNECT, our powerful trifecta product offering, you and your customers win! Get everything from ONE company and for a lot less than what our competitors are offering. I can’t wait to see what happens next!
You can reach me at email@example.com.