Premium Listed Companies

Riskmanager.ie - News - GDPR impact on Access Control Systems

GDPR impact on Access Control Systems

June 6, 2018

By Paul Main

Director at ClearView Communications, specialists in access, CCTV, intruder & fire - service & installation.

Your access control system collects, records and processes large amounts of personal data. Some of this may be critical and sensitive.  For example, the cardholder’s (data subject’s) name, employee number, PIN code, photo ID and CCTV footage.

Access control systems also record cardholders’ movements. From this data, you can see someone’s behaviour. Cardholders are often unaware of the personal data captured by access control systems, how long it’s stored, whether it’s stored securely, and where and to whom it’s been distributed.

Access control systems are normally considered as securing a building. The protection of cardholders’ personal data is often overlooked – and can easily be violated. For example, a system administrator is often able to view the access control transactions of all cardholders. This right can be abused by browsing the information for non-security-related purposes. Under GDPR, this would be classed as a “data breach”.

In the new GDPR world, it’s important to consider the security of the cardholder – as well as the building. A well designed system can achieve both.

There needs to be an increased focus on data protection and data security to meet GDPR. This should be considered from the design phase – particularly with respect to accessing, rectifying and erasing data.

The following aspects should be considered when deploying an access control system:

1.   Purpose for identifying cardholders

2.   Type of data – and who has access to it

3.   Method of data entry (manual or automatic)

4.   Storage location and retention period

5.   Sharing data with third parties

ClearView can support you ensuring that your access control system is GDPR compliant. Please visit www.clearview-communications.com

Leave a Reply

Your email address will not be published. Required fields are marked *

UA-51134898-1

This site uses cookies. Some of the cookies we use are essential for parts of the site to operate and have already been set. You may delete and block all cookies from this site, but parts of the site will not work.