Geutebrück users take a relaxed view of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act
August 26, 2019
From May 2018, the General Data Protection Regulation will apply throughout the EU. At the same time, the new Federal Data Protection Act (German law) will come into force. Both have significant consequences for the admissibility of the processing of personal data.
However, many users of Geutebrück solutions are able to take a relaxed view of this new legislation. The highly complex systems not only protect people, relationships, processes and values, but also safeguard data and personal rights, meaning you can precisely define what is monitored or hidden, what is displayed and saved, what is searched for, transferred, exported or deleted. Above all, however, permissions and who can access your data will be strictly controlled.
The relevant paragraphs and articles below briefly and concisely list the most important functions and features that Geutebrück users and their employees have already been appreciating and implementing for many years.
GDPR Article 5: Principles for the processing of personal data/GDPR Article 25: Data protection via technology design and privacy-friendly presettings
The solution: Privacy masking, pixelation, central user administration
This setup can be used to set which cameras should be activated and which pictures can be viewed, saved and searched for. The "Privacy Masking" function allows individual definition of the pixelation of an area or of faces. This pixelation can only be decrypted using dual control. You can save live images, stored images and exports from metadata or transcodings. The administrator or the data protection officer determines the date until which the data should be available, or from when it can be overwritten.
Using the Central User Administration (CUA), a central access rights management system with distribution throughout the entire system for G-Core, the administrator also uses password assignment to define all rights regarding the viewing, evaluation, transfer and export of live images and saved images. It controls camera-level permissions, work station-dependent permissions, live and stored image permissions, and time-lapse stored images. The decryption is controlled via the CUA using dual control, and passwords are saved.
Article 17 GDPR: Right to Erasure ("right to be forgotten")
The solution: Deletion by overwriting
Data is deleted by overwriting it. How long the images are to be available depends on three factors: storage capacity, number of events and resolution of images. Access is precisely set by the administrator using time-lapse authorization.
Federal Data Protection Act FDPA §9: Technical and organizational measures
The eight data protection requirements relate to access controls, transmission control, input control, job control, availability control and the separation rule.
Access control 1
The purpose of the first access control is to prevent unauthorized persons from being able to "get near" data which is inaccessible to them.
The solution: Geutebrück customers clearly define who gains access to buildings, rooms or areas, and when and where, and who does not.
Access control 2
The purpose of the second access control is to prevent unauthorized persons from operating or using data processing systems.
The solution: Geutebrück customers determine whether a person has access to the IT system.
Access control 3
The purpose of the third access control is to ensure that only authorized persons can and should access and use the data.
The solution: Geutebrück customers grant access to the data only to authorized persons. There is password-protected access, integration into Windows domain management (single sign-on), encrypted data storage via the proprietary GBF image format, encrypted communication, port-based network access for authentication of cameras, encryption between recorders (server) and client (viewer), encryption from G-Sim to DVR or to OpCon, port-based network access control for cameras, BitLocker integration into Windows for encrypting drives, and last but not least the certified interfaces (SDK).
Transmission control
This concerns the legal guarantee of data protection, not the logging of the transmission.
The solution: Geutebrück users guarantee this by data transmission with passwords, encrypted export, export with watermark for verification of authenticity, customizable storage options (network drive or non-local media), exports of pixelated areas, generic video formats with a Geutebrück-RSA-1024 signature and watermarks with an M4A signature, as well as certified SDK interfaces for the connection to G-Core.
Input control
The input control logs whether and by whom personal data has been entered, modified or deleted.
The solution: Geutebrück owners use the Audit Trail. It monitors attempted actions taken after logging in at the work station (including those that are carried out without permissions), a selection of the cameras used, viewing duration, searching for and exporting images, modifying settings and processing alarms.
Job control
This concerns data that is processed by representatives, i.e. "on behalf of", including by external persons.
The solution: Geutebrück experts define job control. This determines the regulation of activities and authorizations.
Availability control
The availability control protects data from destruction or loss, but also defines who is permitted to use the data at what times.
The solution: Geutebrück specialists control availability via the redundant systems Multispare, Failover and Edge.
Separation rule
The separation rule guarantees the separation of data according to its purpose.
The solution: Geutebrück users define the appropriate permissions for each user.