Meeting GDPR requirements in your S2 Security environment

Similar documents
G DATA Whitepaper. The new EU General Data Protection Regulation - What businesses need to know

GDPR compliance. GDPR preparedness with OpenText InfoArchive. White paper

GDPR Workflow White Paper

GDPR: A QUICK OVERVIEW

Plan a Pragmatic Approach to the new EU Data Privacy Regulation

EY s data privacy service offering

ARE YOU READY FOR GDPR?

IBM Compliance Offerings For Verse and S1 Cloud. 01 June 2017 Presented by: Chuck Stauber

enter into application on 25 May 2018

Accelerate GDPR compliance with the Microsoft Cloud

Understand & Prepare for EU GDPR Requirements

ngenius Products in a GDPR Compliant Environment

eguide: Designing a Continuous Response Architecture 5 Steps to Reduce the Complexity of PCI Security Assessments

Getting ready for GDPR. Philipp Hobler EMEA Field CTO Global Technology Office Dell EMC Data Protection Solutions

Data Protection Policy

Lead Forensics Software Data Compliance Policy

The isalon GDPR Guide Helping you understand and prepare for the legislation

General Data Protection Regulation (GDPR) and the Implications for IT Service Management

Changing times in Swiss Data Privacy: new opportunities? Microsoft Security Day 27 April 2017 Clara-Ann Gordon

Impacts of the GDPR in Afnic - Registrar relations: FAQ

The GDPR Are you ready?

Google Cloud & the General Data Protection Regulation (GDPR)

Forms. GDPR for Zoho Forms

WHITE PAPER. Meeting GDPR Challenges with Delphix. KuppingerCole Report

How WhereScape Data Automation Ensures You Are GDPR Compliant

Data Subject Access Request Procedure. Page 1 KubeNet Data Subject Access Request Procedure KN-SOP

Data Protection Policy

GDPR Update and ENISA guidelines

Vanderbilt Video Surveillance. EU General Data Protection Regulation A Compliance Guide

Data Sharing Agreement. Between Integral Occupational Health Ltd and the Customer

General Data Protection Regulation (GDPR) Key Facts & FAQ s

PS Mailing Services Ltd Data Protection Policy May 2018

These pieces of information are used to improve services for you through, for example:

Data Management and Security in the GDPR Era

DATA PROCESSING TERMS

EBOOK The General Data Protection Regulation. What is it? Why was it created? How can organisations prepare for it?

Privacy Policy Inhouse Manager Ltd

Secure Messaging Mobile App Privacy Policy. Privacy Policy Highlights

Royal Mail Consultation: Changes to Postal Schemes to reflect new data protection legislation

Getting personal with your customers and GDPR

WHITE PAPER. The General Data Protection Regulation: What Title It Means and How SAS Data Management Can Help

Data Protection Policy

Magento GDPR Frequently Asked Questions

GDPR: A technical perspective from Arkivum

Do you handle EU residents personal data? The GDPR update is coming May 25, Are you ready?

EY s data privacy service offering. How to transform your data privacy capabilities for an EU General Data Protection Regulation (GDPR) world

Eight Minute Expert GDPR

PRINCIPLES OF PROTECTION OF PERSONAL DATA (GDPR) WITH EFFICIENCY FROM

Version 1/2018. GDPR Processor Security Controls

Microsoft 365 Business FAQs

Data Processing Agreement

Personal Data Protection Policy

Guardian Electrical Compliance Ltd DATA PROTECTION GDPR REGULATIONS POLICY

GDPR Data Discovery and Reporting

This guide is for informational purposes only. Please do not treat it as a substitute of a professional legal

POLICY. Art. 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016

FileFacets for GDPR. Solution Overview for Compliance. Copyright 2017 FileFacets Corporation. All rights reserved

GDPR Whitepaper for Compliance with the Diocese of Olympia

1. Right of access. Last Approval Date: May 2018

GDPR - Are you ready?

General Data Protection Regulation (GDPR) NEW RULES

GDPR aspects for system integrators and end customers. Axis Retail Applications and AXIS Store Reporter

General Data Protection Regulation Frequently Asked Questions (FAQ) General Questions

We collect the information listed below as a consequence of our business activities.

Data Protection in Switzerland Update Following the Safe Harbor Decision. 21 October 2015 / 6 February 2016 Christian Wyss

VERSION 1.3 MAY 1, 2018 SNOWFLY PRIVACY POLICY SNOWFLY PERFORMANCE INC. P.O. BOX 95254, SOUTH JORDAN, UT

GLOBAL DATA PROTECTION POLICY

GDPR AMC SAAS AND HOSTED MODULES. UK version. AMC Consult A/S June 26, 2018 Version 1.10

The Rough Notes Company, Inc. Privacy Policy. Effective Date: June 11, 2018

ARBOR DDoS PRODUCTS IN A GDPR COMPLIANT ENVIRONMENT. Guidelines and Frequently Asked Questions

BHBIA New Data Protection Rules. Pharma Company Perspective. Guy Murray Director, Market Research & Analytics, GC&BI MR Operations and Compliance, MSD

What You Need to Know About Addressing GDPR Data Subject Rights in Pivot

Extension Architecture Privacy Notice

General Data Protection Regulation (GDPR)

Cisco Spark and GDPR. Thomas Flambeaux. Collaboration Consulting Solution Engineer, Security and Compliance. Cisco Connect 2018 Copenhagen April 12th

Overview of Akamai s Personal Data Processing Activities and Role

GDPR Processor Security Controls. GDPR Toolkit Version 1 Datagator Ltd

CipherCloud CASB+ Connector for ServiceNow

Privacy Policy. MIPS Website Privacy Policy. Document Information. Contact Details. Version 1.0 Version date March 2018.

Technical Requirements of the GDPR

General Data Protection Regulation April 3, Sarah Ackerman, Managing Director Ross Patz, Consultant

General Data Protection Regulation (GDPR) FAQ

COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September Table of Contents. 1. Scope, Purpose and Application to Employees 2

To help customers achieve GDPR compliance, Freshchat has introduced the following new features:

EU General Data Protection Regulation A Compliance Guide

In this unit we are going to look at cloud computing. Cloud computing, also known as 'on-demand computing', is a kind of Internet-based computing,

IBM Security technology and services for GDPR programs GIULIA CALIARI SECURITY ARCHITECT

Helping you to be GDPR compliant

Managing Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow

2. The Information we collect and how we use it: Individuals and Organisations: We collect and process personal data from individuals and organisation

Cybersecurity Considerations for GDPR

System changes for GDPR Visitor data

Privacy Policy of

Aon Service Corporation Law Global Privacy Office. Aon Client Data Privacy Summary

Compliance with NIST

OUR PRIVACY POLICY. 1. Our Privacy Principles. 2. Information that We Collect from You. Last Updated: May 25, 2018

Data Processing Agreement

Understanding my data and getting value from it

CEM Benchmarking Privacy Policy

INTRODUCTION. Data security is such a big issue today that it often tops the headlines in both global and national news media.

Transcription:

white paper Meeting GDPR requirements in your S2 Security environment May 2018

What is GDPR? The European Union s General Data Protection Regulation (GDPR) takes effect May 25, 2018 and applies to all businesses that handle EU citizens personal data, which encompasses a broad range of data that may include the individual s name, address, email address, telephone number, along with any other data that identifies the individual. This white paper provides general guidelines to customers who have deployed S2 Security solutions in the EU. This paper is for informational purposes only. It is not legal advice and should not be relied upon as legal advice. The regulation defines the rights of the Data Subject, and the responsibilities of the Data Controller and the Data Processor. The heaviest compliance burden falls to the Data Controller, the entity that decides which personal data to collect and has the ultimate responsibility for safeguarding it. GDPR roles and responsibilities Data Subject owns his or her personal data and whose consent is needed to gather and store such data. The Data Subject has the right to know what personal data is currently stored by the Data Controller. The Data Subject also has the right to be forgotten by the Data Controller. Data Controller is the entity requesting collection of and access to the Data Subject s personal data. The Data Controller s responsibilities include safeguarding the Data Subject s personal data, notifying the Data Subject in the event of a data breach, and deleting personal data if there is no legal justification for keeping it upon the Data Subject s request to be forgotten. A company deploying S2 Security products onpremises typically is the legally responsible Data Controller. Data Processor is a third party who may be engaged by the Data Controller to process and manage the Data Subject s personal data. The Data Processor is responsible for safeguarding the Data Subject s personal data. In the event of a data breach, the Data Processor is responsible for notifying the Data Controller of the breach. The Data Controller is then responsible for alerting the Data Subjects whose personal data has been accessed. The Data Processor is not responsible for contacting the Data Subject directly in the event of a breach, only to inform the Data Controller. It should be noted here that on-premises deployments of access monitoring and video management systems often do not involve a Data Processor because the Data Controller handles all personal data. 2

GDPR and your S2 Security on-premises infrastructure It is important to understand that there is no such thing as GDPR-compliant hardware or software. Your infrastructure can assist in compliance, but it cannot ensure compliance. It is not possible to simply install hardware or software and instantly be in compliance with the regulation. Compliance requires the proper handling of personal data. We will describe best practices in three areas where GDPR regulations and physical security practices intersect. The Data Subject s right to be forgotten The right to know what personal data is being gathered and stored about the Data Subject The responsibility to inform the Data Subject in the case of a data breach Applying these principles to all handling of personal data make compliance easier and minimize concerns by employees, customers, and guests regarding your data policies. Gather and store the minimum personal data needed for business operations. Be proactive in explaining the data collected and why it s necessary. Doing this fulfills the Data Controller s responsibility to share with the Data Subject the personal data that is gathered and stored. Share your data retention policies when asking for consent to gather personal data. You can then refer to those policies in the future should the Data Subject ask what personal data has been gathered. Set the shortest retention policies that work for your business. Informing of a breach In the case of a data breach that compromises the Data Subject s personal data, the Data Controller has the responsibility of alerting the subject within 72 hours of discovery of the breach. The Data Processor has the same responsibility to inform the contracting Data Controller entity of a breach, thus starting the Data Controller s 72-hour clock. Access control best practices After gaining the employee s consent, only place the minimum necessary personal data in the S2 Security access control database specifically, only the information needed to verify identity and access level. This best practice is particularly important when there is an integration between enterprise HR system employee database(s) and the S2 Security access control database. When employees leave the company, it is typical to delete their records from the S2 NetBox partition(s) they have been assigned. S2 Security recommends that customers establish a standard operating procedure to purge aging S2 NetBox and S2 Global archives in a timely manner. 3

Video management best practices Identifying an individual s appearance in a video clip is a cumbersome and manual process. In most situations and installations, it s nearly impossible to be certain an individual appears (or doesn t appear) in a video file. The best policy to assure compliance is to set a retention policy for video of no longer than a few days. Unless you have the reasonable expectation of needing a video clip for legal purposes, it should be purged as quickly as possible. A note on S2 Magic Monitor Forensics S2 Security customers should be aware that S2 Magic Monitor Forensics users have the ability to publish personal data through its video export features. It is imperative to establish procedures and train system users on the proper handling of personal data in your organization. S2 mobile and cloud solutions It is important to note that when a customer contracts with S2 Security as a Data Processor for S2 NetBox Online, our mobile applications, and other cloud services, the customer retains the role and responsibilities of the Data Controller. A note for customers deploying the S2 Mobile Security Professional mobile solution Users of the S2 Mobile Security Professional application have access to your employees personal data that you elect to store in S2 NetBox. It is imperative to rescind access to all of your S2 Security deployed applications including S2 Mobile Security Professional immediately upon a security professional s exit from the organization. Concluding comments Following some simple rules regarding personal data can prevent future issues. Gather the least amount of personal data you need for business operations. Retain that information for the shortest period of time necessary. And, perhaps most importantly, be transparent about your personal data practices. References Full text of the GDPR, April 6, 2016 GDPR FAQs, EU GDPR Portal, 2016 GDPR Best Practices, Dun & Bradstreet, 2017 4

There Is No Such Thing as GDPR-Compliant Software or SaaS Solution, Martin Kuppinger, June 30, 2017 How Physical Access Systems will be affected by GDPR, IFSEC 2017 Amazon Web Services EU Data Protection, December 2016 Video surveillance and the GDPR. What will change? Axis Communications, February 27, 2018 European Data Protection Supervisor Video Surveillance Guidelines, March 17, 2010 Regulation (EC) No 45/2001 of the European Parliament and Council, December 18, 2000 2018 S2 Security Corporation. All rights reserved. S2 Security, S2 NetBox, S2 Global, S2 Magic Monitor and S2 Mobile Security Professional are registered trademarks of S2 Security Corporation. Third-party trademarks are the property of their respective owners. Data subject to change without notice. 5

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback