Professional Documents
Culture Documents
Video Security, Data Protection and Data Security
Video Security, Data Protection and Data Security
GD
VIDEO SECURITY,
DATA PROTECTION AND DATA SECURITY
GDPR
quo vadis, video security?
New laws: Increasing transparency requirements practice is unclear. Nevertheless, there are often national
regulations for video surveillance. Whether and to what
After a two-year transition period, since 25 May 2018 the extent such regulations are applicable, given the primacy
European General Data Protection Regulation (GDPR) is of application of the GDPR, remains subject to a decision
effective in all EU member states, and new national data in the respective, specific cases. In cases of uncertainty, we
protection laws have also been introduced. therefore recommend engaging a legal expert and/or cont-
This increases the requirements for transparency in proces- acting the data protection authority with jurisdiction.
sing of personal data and the requirements for data protec-
tion and data security.
Be cautious with GDPR certificates
GDPR
DATA PROTECTION DATA SECURITY
2
COMPANY PHILOSOPHY
single source of trust.
The Dallmeier strategy: consult interpretation aids... ...and provide technical answers
According to the opinions of experts and our opinion at In addition, Dallmeier recommends customers to imple-
Dallmeier, there will be many paragraphs and articles ment solutions which even today deliver the technical
concerning data protection law “on paper” after 25 May answers to the anticipated requirements.
2018. The final interpretation thereof in practical terms is
still not defined immutably by any means. Beyond of 2018 it Dallmeier can look back on more than 30 years of expe-
will be the subject of contentious debate and definition by rience in this field as a made-in-Germany manufacturer
the European data protection supervisory authorities, up of video security technology, whereby in Germany, for
to and including a final decision on disputed points by the example, high standards regarding data protection and
Court of Justice of the European Union. data security already applied before the GDPR.
Given the imprecise landscape of data protection law, we In this brochure we would like to show you how
therefore provide our customers with interpretation aids Dallmeier‘s holistic planning, solution and security
regarding GDPR-compliant video surveillance on page 19 of approach can help you to meet data protection and data
this brochure. security requirements pragmatically and sustainably
already today and in the future with the goal of effective
video security.
***
GDPR
.LOG
4
DALLMEIER GUIDELINE
„privacy by design“.
Private Zones
Limited retention
Data minimisation time of individual
with optional edge recording tracks
concept (MaxAge)
Pixelation
.LOG Logging and
Reporting
5
LATEST TECHNOLOGY FOR Data protection.
PRIVATE ZONES 3
ATM
PIXELATION H
6
LATEST TECHNOLOGY FOR Data protection.
B
48 h
7
LATEST TECHNOLOGY FOR Data protection.
Reporting
8
LATEST TECHNOLOGY FOR Data protection.
9
LATEST TECHNOLOGY FOR
Data security.
§§
ACCORDING
WHAT DOES THE GDPR SAY?
TO ART. 32 GDPR APPROPRIATE TECHNICAL AND
ORGANISATIONAL MEASURES ARE TO BE IMPLEMENTED TO GUARAN-
TEE THAT THE LEVEL OF PROTECTION IS COMMENSURATE WITH THE RISK
(„SECURITY BY DESIGN“).
10
DALLMEIER GUIDELINE
„security by design“.
***
End-to-End Encryption
Protection against hacker (Data and video stream)
attacks (Fail2Ban)
***
Recordings for
court use
Four-eyes-
4
login-principle
User group
management
Secure network
authentication
(IEEE 802.1X)
Security
Gateway
Failover- and
redundancy
mechanisms Backdoor
protection
11
LATEST TECHNOLOGY FOR Data security.
FOUR-EYES-LOGIN-
4
PRINCIPLE
Access to Dallmeier appliances can be limited to authentication
based on the four-eyes-login-principle. In that case, access is only
possible with an additional password from a second person.
27 28 29 30 31
72 h
48 h
For each user group, the periods of the recordings that they can access can be limited. Images that are older than the set
period can not be evaluated.
12
LATEST TECHNOLOGY FOR Data security.
MANAGEMENT LIVE
User B // User
LIVE
136.142.74.1
33.225.109.12
16.114.177.226
122.111.131.99
233.23.185.151
37.113.16.89
168.85.190.104
13
LATEST TECHNOLOGY FOR Data security.
BACKDOOR
PROTECTION
In-house development of all soft-,
hard- and firmware for Dallmeier solu-
tions prevents hidden access. Hardened
operating systems of the camera and
recording systems prohibit infiltration
with malware.
Switch with
Authenticator
2
1 ?
4 3
Client with
Supplicant RADIUS
Authentication
Server
14
LATEST TECHNOLOGY FOR Data security.
END-TO-END ENCRYPTION
(DATA AND VIDEO STREAM)
Both data and video transmission
between the latest Dallmeier systems can be 2
end-to-end encrypted with TLS 1.2 / AES 256 bit.
1 4 3
15
LATEST TECHNOLOGY FOR Data security.
SECURITY
GATEWAY
The Dallmeier recording appliance acts as a
security gateway / proxy server of the video
system, preventing unauthorized access and WWW
Dedicated
Security
Gateway
Record to RAID
Traffic switch to
Network error second interface
16
LATEST TECHNOLOGY FOR video data Processing.
The integrated functions of the Dallmeier data protection and data security module fully protect the video security system
and contribute to GDPR compliance.
COLLECTION
TRANSMISSION
Secure network Time limited access Security-Gateway End-to-End Encryption
authentication (MaxView) (Data and video stream)
(IEEE 802.1X)
STORAGE
***
ACCESS
.LOG
4
Logging and User group Four-eye principle Pixelation Panomera® effect
reporting management for data protection
17
COMPANY PHILOSOPHY
single source of trust.
All products are developed and manufactured at Dallmeier‘s own production facilities in Germany. Made by Dallmeier,
made in Germany. Because data protection and data security are a matter of trust – especially when it comes to video
security.
18
ADDITIONAL information.
Visit our web page dedicated to the subject of video security and the
GDPR. There you will find additional helpful information collected conveni-
ently in one place:
DSK
In July 2017, the German Data Protection Conference (Datenschutzkonferenz, abbr. DSK) star-
ted to publish guidelines on GDPR. In these short papers, further interpretations on some es-
sential topics and articles of the GDPR are presented.
19
Germany
Bahnhofstr. 16
93047 Regensburg
www.dallmeier.com
info@dallmeier.com
Tel: +49 (0)941 8700-0
Fax: +49 (0)941 8700-180
Dallmeier electronic GmbH & Co.KG
Trademarks which are designated by ® are registered trademarks of Dallmeier electronic 01/2019 V2.1.0 Subject to technical changes and printing errors. All information is provided without guarantee and does not replace individual case related data protection advice. © Dallmeier electronic
Certain Dallmeier products include software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/) and cryptographic software written by Eric Young (eay@cryptsoft.com).