GDPR for Electronic Access Control and Digital Locking Technology
One and a half years after the introduction of the GDPR (General Data Protection Regulation), many companies are still unsure what has to be changed. This also applies to the elect...
Andreas Grauvogl, Product Manager at SimonsVoss
SimonsVoss locking system 3060: Enabling GDPR compliance for personal data
One and a half years after the introduction of the GDPR (General Data Protection Regulation), many companies are still unsure what has to be changed. This also applies to the electronic access control and digital lock technology. Andreas Grauvogl, the responsible product manager for the subject of GDPR at SimonsVoss, answers the most important questions of data protection here in connection with the 3060 system and the locking system management (LSM) software from SimonsVoss.
GIT SECURITY: Mr Grauvogel, what personal data is stored in the LSM software?
Andreas Grauvogl: The first and second names, title, address, telephone, e-mail, staff number, user name, department, location/building, date started/left, birthday, cost center and a photo can all be stored. In principle though only the second name and the staff number are so-called compulsory fields, and necessary for the use of LSM. The customer must decide which of the other fields to use, depending upon the operational requirements of the business. Particularly sensitive categories of personal data acc. Article 9 of the GDPR are not saved.
For what purpose is personal data stored?
Andreas Grauvogl: It is fundamentally necessary to assign the identification media used (e.g. a transponder) to a particular person (e.g. employee) in order to make full use of an electronic locking system. Ultimately, data is stored to ensure secure access rights assignment.
How long is personal data stored in the software?
Andreas Grauvogl: Data is maintained at least for the duration of possession of an identification medium (e.g. during employment), because the system needs this data at least for this period. The duration of storage of data, for example in reports, can be altered by the locking system administrator and adapted to the needs of the company.
Is personal data in the software protected from access by third parties?
Andreas Grauvogl: The end user of the locking system and the software is fundamentally responsible for system administration and assigning access rights. And for that reason it is not possible to open the graphic user interface to access the data without a password and the corresponding user rights. All data is secured by a multi-level encryption process in the SimonsVoss 3060 locking system itself. Automatic transfer, usage or processing by SimonsVoss with regard to business operations does not take place.
Can the stored data be made available as a copy on request?
Andreas Grauvogl: As from Version 3.4, provided the appropriate user-rights are available, all data gathered about a person can be made available as a copy by the customer using the export function, for example for the purposes of an audit. This permits the customer to fulfill the requirements for the provision of information acc. Art. 15 GDPR Paragraph 3.
Can personal data be deleted from the software?
Andreas Grauvogl: Personal data can correspondingly be removed from the software by the customer upon request by an affected person acc. Art. 17 GDPR (as from version 3.4) and the relevant database deleted. We have described the procedure step-by-step in our software handbook. In addition, SimonsVoss is preparing its own module on the subject of fulfilling the requirements of the GDPR in the training documentation for the 3060 digital locking and access control system as well as for the LSM Software.
Companies under obligation
It has been in force since 25th May 2018 and applies to all companies in the EU that process personal data: the European General Data Protection Regulation (GDPR).
Among other things, the subject of liability and the frequently mentioned associated penalties of up to 20 million Euro or 4% of the previous year’s annual turnover has caused uncertainty and a negative atmosphere. The existing interpretation leeway of the EU directives on data protection first of all requires some additional clarification by the authorities and the courts before legal clarity can be obtained for those affected. The directive has a multiple effect on various different company processes. Sticking points are often the technical implementation of data protection, the physical data storage, the storage location, the password protection etc.
“We are in contact with our customers on the subject of data protection in digital locking systems”, says Andreas Grauvogl, the product manager responsible at SimonsVoss for the subject of GDPR , “and have established that many companies rely upon the software manufacturer. But in fact, the companies themselves are obliged to make use of the options made available by the manufacturers in order to operate in conformance with the GDPR.“
most read
05.03.2024 • Topstories • Fire Protection
Charging and Storing Lithium-Ion Batteries Correctly
Lithium-ion batteries offer many advantages. They are long lasting, have a high energy density and are only slightly self-discharging. The batteries are therefore particularly practical for many devices in the industrial sector as well as in security technology. However, one thing should always be borne in mind: Lithium and many of its compounds are highly flammable and highly reactive. Certified and GS-tested type 90 safety cabinet models enable the highest safety requirements to be met when storing and charging lithium-ion batteries.
19.01.2024 • Topstories • Fire Protection
Lithium-Ion Batteries: Fires on Yachts
Why Yacht Owners Are Adding Thermal Imaging Cameras to Minimise the Risk of Lithium-Ion Battery Fires.
22.02.2024 • Topstories • Management
Ready for the Next Chapter with Security Center SaaS
Genetec management team took the opportunity to present their new experience center in Washington to the international press early in February
22.02.2024 • Topstories • Fire Protection
Video-Based Fire Detection: You Can’t Fool AI
The revolution in fire protection is underway as AI-powered video-based fire detection represents one of the most significant advancements in the field. Bosch Building Technologies’ Aviotec 8000i IR solution utilizes AI algorithms for smoke and flame detection. These deep learning-based algorithms enable real-time, accurate fire detection while minimizing false alarms.
08.03.2024 • Topstories • Management
Pierre Racz: "Real Artificial Intelligence Does Not Exist"
In part one of this three-part interview series with Pierre Racz, President of Genetec, he is addressing why IP network video systems were the game changer in the industry and why he does not like the term AI.