Opportunities and challenges: Transparency in your supply chain
November 14, 2019
However, transparency and visualization inevitably means handling large amounts of data. Whenever you deal with Big Data, you also need to address data protection and privacy issues. This is true now more than ever with the coming introduction of the new General Data Protection Regulation, which will take effect 25 May 2018. Not just public institutions, but also companies need to be well prepared for this, because fines for infringements will increase enormously, up to EUR 20 million or 4% of the worldwide annual turnover in the case of a company.
In order to continue to reap the benefits of visualization, companies need to pay attention to data protection features of their video systems.
Tips on the new General Data Protection Regulation regarding the visualization of processes
Preparation is everything. Prepare the company well ahead of time and continue to develop your data protection management system. In addition to the increased fine levels, it is also important to take the interests of the employees and the works council seriously.
Restriction on use and transparency: Inform your employees as well as also other visitors to your company about the use of video systems. Pay attention to the principle of restrictions on use: Clearly define the purpose of the recordings and saving pictures and stick to it. For example, if you want to optimize processes, it may not be necessary to identify employees. With the right video software, no problem: Moving objects or entire image areas can be pixelated or masked in color and can only be made visible when absolutely necessary and in compliance with a two-person principle.
As a company, you are liable for data security! Personal data may not be passed on to third parties without permission; the responsibility is yours. Video images in particular can contain sensitive information. It is therefore extremely important for video systems to offer reliable protection mechanisms. A restrictive access rights management controls the user rights (for example, with two-person passwords) for each function of the system and effectively blocks attempted outside access. In addition, access for unauthorized persons can be prevented by encryption between cameras and recorders and between recorders and viewers. The video database and the storage media (for example, with BitLocker) should be encrypted for the same purpose.
Images should also be transferred in a tamper-proof format. If images are shared, an encrypted, password-protected image export format should be available.
In the new General Data Protection Regulation, documentation and verification duties are greatly expanded: Companies must demonstrate that they comply with the corresponding data protection principles. Documentation is the most important issue. Video systems can help you here in the area of visualization by automatically documenting all control activities in the video system. As a result, you always have proof of which user viewed a recording or parameterized cameras, for example, or when password-protected areas were activated.
In addition, always be prepared that affected persons or data protection authorities may request this documentation at any time.
Actively integrate your works council or employee representatives into your data protection management system. In particular, access rights management, pixelation of employees in the image and two-person passwords are proven methods.
Do you want to take advantage of the opportunities afforded by supply chain visualization, but you still have questions about the associated challenges? We would be happy to provide advice as part of a free initial consultation.
The solutions from Geutebrück also exactly fulfill those requirements above, as you can see in our short video.
Please note that this information is not exhaustive. Depending on the application, different measures may be necessary or effective. If necessary, consult your data protection officer or expert.