06 Sep Smart Cities World: Smart cities and GDPR: What’s next?
So, the General Data Protection Regulation (GDPR) has been introduced and city leaders are happy, knowing their IT people have instigated the right policy statements and that they have adhered to the regulations. But just how happy should they be?
What happens, for example, when someone submits a Subject Access Request (SAR)? The policy may be there, but are the systems in place to locate the data required to respond to an SAR, and has it been properly secured in the first place?
While much of the GDPR is about process, some elements can only be enabled and made manageable or cost-effective with technology. The challenge for city leaders, therefore, is to ensure that systems are in place that will find the data and protect it – not only from potential data breaches but also from incorrect handling by individuals.
GDPR provides citizens with the right to access, rectify, erase or restrict their personal data. Search is core to any technology implemented to support compliance with the regulation. Currently, many organisations will struggle to comply within the stipulated 30-day SAR window, and will breach the rules.
There is a particular risk within smart buildings due to their multitude of different systems. These include scanning of documents such as passports and other forms of ID for the issuing of ID tags, etc.; CCTV and facial recognition, used to scan people in public areas; and legacy facilities management systems which log users’ activities within the building, such as movements or secure room access.
There is a particular risk within smart buildings due to their multitude of different systems.
These systems use multiple file formats such as image, skin tone mapping or even proprietary file formats, especially on older systems. Therefore, scanning emails, Word or PDF documents and picture files – all of which could be in backup vaults as well, which is complex in itself – becomes a major task.
Read the full article here.