How physical identity & acces can reduce GDPR compliance


A


ndrew Bull from HID Global explores the implications of GDPR on physical access control systems and how advanced physical identity and access management (PIAM) solutions can help.


GDPR now harmonises data privacy


Beginning 25 May, companies doing business in the European Union are required to comply with the new General Data Protection Regulation (GDPR) standards. This initiative will standardise and harmonise the fragmented data privacy across the European Economic Area to ensure that individuals’ rights are protected in today’s digital world.


GDPR’s primary purpose is to ensure that all organisations operating in Europe obtain consent from individuals to capture and store identity information and remove that information from servers if it is no longer


needed. The regulation also sets higher standards for consent, which must be freely given based on clear, easily available information about what an individual is agreeing to. Organisations must also make it as easy for someone to withdraw consent, as it is to provide it.


Implications for physical access control systems


For security teams, this means they must ensure that consent is recorded for all individuals whose information they are storing and managing across all physical access control systems (PACS) and that any personal information is centrally tracked and controlled on all servers for all EU citizens, no matter where in the world that server resides. All information must be auditable and individuals’ personal information must be removed from the relevant PACS servers if they no longer require access or if their authorisation and/or privileges are no longer valid. This means that an EU citizen added to a PACS must be tracked and removed once that entry is no longer relevant, or upon the citizen’s request.


The good news is that organisations will now have a single regulation rather than multiple standards in different regions to comply with, which should significantly decrease compliance costs while improving public perception of data privacy and individual rights.


The bad news is that for many organisations, compliance with GDPR will be challenging, and the complicated and inefficient manual administrative processes often employed to transform policies into practice do nothing to ease the burden. In fact, they are actually more likely to hinder these efforts, which rely heavily on gathering information from a variety of stakeholders – a far less than ideal combination.


Bridging the gap with physical identity and access management (PIAM)


However, there is help available for security departments. Advanced physical identity and access management (PIAM) solutions bridge the gap between policy and process by employing policy-based automation, deep systems integration and strong auditing


INTRODUCING HID SAFE™


enterprise


Quantum Secure’s SAFE software suite is now HID SAFE™ Enterprise. The leading physical identity and access management software is now part of the HID Global family. HID SAFE™ Enterprise streamlines and automates identity management and compliance while providing operational analytics across multiple sites and systems in a single platform. Find out more by visiting hidglobal.com/iam


16 © CI TY S ECUR I TY MAGAZ INE – SUMME R 2 0 1 8


Advertisement


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32