s management complexity


capabilities to help organisations comply with the main requirements of GDPR more effectively and efficiently, enabling them to do business without fear of incurring fines or other penalties.


Automation to streamline processes


As previously mentioned, the process of implementing GDPR requirements across PACS often relies on the human element in the form of incredibly time-consuming and error-prone manual processes. PIAM solutions remove these impediments by applying policy- and rules-based automation to streamline all processes, from identity enrollment through to the auditing necessary to demonstrate compliance.


PIAM tracks all of the places information has been propagated, making audit and deletion a straightforward process.


Pseudonymisation to protect personal data


One of the benefits of PIAM embraced by GDPR (recital 28) is the ability to use pseudonyms to easily obscure individuals’ personal data, which can go a long way toward easing compliance. With PIAM solutions, organisations can replace first and last names with a unique ID within identity records. Rather than transmitting individual names and other personal details to the PACS, the PIAM solution sends this anonymous information instead. This tactic is not only mentioned in the GDPR regulations but is encouraged – and it is something that would be difficult, if not impossible, to do using the PACS alone.


Why is this important? Because organisations are required to report any breach of personal data to individuals within 72 hours of the incident or face fines. However, this requirement only applies to personal information and is waived if the breached data has been anonymised. Therefore, employing pseudonymisation can substantially limit not only risk, but also liability. Given its power to aid in meeting the requirements of GDPR, the importance of automation cannot be overstated, as it serves as the foundation upon which the vast majority of PIAM’s other capabilities are built.


Self-Service enrollment in a physical access control system


In addition to improving security, properly enrolling employees, contractors, visitors and others in a PACS also plays a key role in GDPR compliance. However, there are often delays throughout the process between the initial request and final approval of access privileges – delays that cost productivity and money, while also compromising security. PIAM solutions allow an organisation to create a self-service enrollment process that streamlines the onboarding process.


The self-service function can also be used to meet the consent and purpose mandates of GDPR. During the enrollment process, employees, contractors, visitors and other third parties can be given access to their own profiles, where they can view what personal information is being collected, for what reason, and how that information will be used; each individual’s consent can then be recorded. Capturing this important data at the time of registration or request for access privileges eliminates multiple potentially costly and time-consuming tasks from the GDPR compliance process.


Additionally, a self-service portal can be used to let individuals review data collection and usage policies and to revoke consent to have their information stored and used for access control and other purposes, at which time the system will automatically erase any and all data related to that individual – addressing another important GDPR requirement.


Systems Integration with other security systems


One of the biggest strengths of PIAM solutions is the ability to tie multiple disparate systems together easily to allow information to be aggregated. This encompasses access control, visitor management and other security systems as well as non-security systems like human resources, time and attendance and others. The PIAM solution can serve as the hub for all of these systems, giving organisations a single source for management.


From a security standpoint, the ability to aggregate, sort and analyse data from these disparate systems can prove beneficial in identifying potential behavioural and other patterns that may indicate a potential threat. There are also numerous operational benefits, including efficiency and cost savings. If manually entering data into a single system is time-consuming and error-prone, imagine the potential headaches of having to do it for multiple systems. By eliminating this need, PIAM enables greater efficiency and decreases or eliminates the potential for human error. Because the same challenges also apply to tracking and removing data, this capability makes it easier for an organisation to ensure GDPR compliance.


Today, an individual’s data is typically stored across multiple systems within the security and/or operational ecosystem. This can become problematic when it is necessary to delete an individual’s information, since simply removing it from a single system does not meet the standard established under GDPR. With PIAM, an organisation can simply remove the data in question from a single solution and know that it will automatically be removed from all integrated systems simultaneously, satisfying requirements for compliance.


© CITY SECURITY MAGAZINE – SUMMER 2018 www.citysecuritymagazine.com


Auditing is easier


As with any regulation, demonstrating compliance with GDPR is vital and must be done regularly to avoid penalties. This can be a daunting task that requires demanding and thorough auditing and reporting. Unfortunately, these critical tasks are often performed using costly, time-consuming and error-prone manual processes. However, non-compliance is not an option, as the potential cost and penalties are even more daunting. PIAM reduces this strain on an organisation’s resources by employing automation that enables efficient auditing of systems and locations, along with the robust reporting capabilities needed to demonstrate compliance. For example, when user consent is recorded or when individual data is automatically deleted from PACS and all other integrated systems when requested in accordance with GDPR, that action is stored within the system. Rather than rely on people to collect and report this information, PIAM allows organisations to generate compliance reports with the click of a button – significantly reducing regulatory reporting costs. This function can also be programmed to be performed at regular intervals to ensure timely reporting and compliance.


In our connected world, privacy has taken on increased significance for everyone, and as a result, governments are enacting regulations and policies to protect individuals’ most valuable commodity – their identity. As GDPR takes effect, organisations wishing to do business in Europe must be actively working to put the policies and practices in place to ensure compliance with this new regulation. This will no doubt be challenging, but advanced PIAM solutions replace the manual processes often used to perform the tasks required under GDPR with automation, strong integration and thorough auditing capabilities.


Organisations can deploy PIAM to effectively and efficiently ensure compliance with the main requirements of GDPR and avoid staggering and potentially catastrophic penalties.


Andrew Bull Regional Sales Director – UK, HID Global, IAM Solutions


www.hidglobal.com

