Get a better grip of GDPR documentation and processes using ocucloud.
How can ocucloud support the need for documentation of processes in a business world to be able to support a better grip of GDPR and data legislation, when you are keeping video data stored in a cloud environment?
Recordings from video surveillance are data and must be treated as sensitive personal data.
Internal processes are required together with the ability to deliver documentation for compliance. And for that purpose centralized management can be of great value. Each single company carry the sole responsibility to make their own processes securing compliance to existing legislation incl. GDPR. And this task can be an extensive task for any company.
Here is a list of areas relevant for video surveillance with the need of processes and compliance documentation:
- Where are video data stored?
- For how long do you keep video data stored?
- Who has access to video data?
- ”The right to be forgotten.”
- Any person can demand to see video content of him/herself.
- Blurring of irrelevant persons at export of video files.
- Who has seen what and when?
Where are video data stored?
To comply you must be able to document, where data are stored. Is available in ocucloud.
On a global basis, it is difficult to have a centralized overview of local rules and legislation. Ocucloud allows companies and organizations to choose data storage location picking Microsoft Azure datacenters with addresses all over the world. It also allows companies to choose datacenter to comply with local rules and legislation.
For how long do you keep video data stored?
Documentation per every single camera is required. Is available in ocucloud
As rules and legislation vary from country to country or region to region, it is important to decide on period to keep data stored and to be able to document compliance. Many installations have the need to differentiate the number of days stored – depending on what is recorded and where it is recorded.
Who has access to video data?
Must be documented to meet compliance. Is available in ocucloud.
You need to be able to identify individuals with access to personal data and define individual rules for this. A log can document who, what, and when in deep details.
3 rd parties like police etc. can require access to data. In ocucloud you can allow up to 24 hours access to data. Remember to have a process to document any granted temporary access, as this also is registered in a log file.
The right to be forgotten, any person can demand to see video content of him/herself and blurring of irrelevant persons at export of video files.
Is available in ocucloud.
Easy search and export of video clips is an important feature. At the same time, blurring of irrelevant persons etc. is required prior to handing over any personal data to any 3rd party. And delays with loss of data are not an accepted excuse.
Who has seen what and when?
Log files are available in ocucloud.
By using ocucloud, documentation of compliance is made easier. As intelligent video surveillance moves to the cloud, processes to comply to GDPR rules must be in place to avoid large fines. And remember to have and maintain processes for registration, onboarding, and removal of users and their user rights. A process for registration of short-term access to the system (i.e. 24 hours) for 3rd party users is also required.
Preparations for NIS2.
The NIS2 Directive aims to improve the existing cyber security status across EU in different ways. From 18th October 2024 all EU members must have local legislation in place. The NIS2 Directive is applicable for companies cross critical and sensitive sectors in the infrastructure. At ocucloud, we intent to support our customers to be able to document compliance with NIS2.