Draft27-12
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
A section in the industry-leading magazine for installers, integrators, big or small - in short, everyone who provides a<br />
commercial supply, installation or consultancy service.<br />
Here you can read about new standards, equipment, ideas - whatever you want to know more about.<br />
Editor - Mark Rowe<br />
mark@professionalsecurity.co.uk<br />
Data deadline is ticking<br />
54<br />
Paul Reeve<br />
Steve Martin<br />
More details: For more<br />
on the GDPR, visit the<br />
website of the Information<br />
Commissioner’s Office<br />
www.ico.org.uk.<br />
Personal data protection will<br />
become increasingly important<br />
with the introduction of new<br />
rules on May 25, 2018. Known as the<br />
General Data Protection Regulation<br />
(GDPR), the rules are set to have<br />
a major impact on businesses in<br />
our industry, in two differing ways,<br />
writes Paul Reeve, the electrical<br />
trade association ECA‘s Director of<br />
Business; and Steve Martin, ECA<br />
Director of Technical.<br />
What to know<br />
Firstly, almost all businesses need to<br />
take note of the broader issue of<br />
protecting the data of individuals<br />
when developing their company<br />
systems and managing customer<br />
records. At present, the Data<br />
Protection Act 1998 (DPA) places<br />
certain requirements on businesses,<br />
but the GDPR will go significantly<br />
further than the DPA. The GDPR will<br />
apply to the processing of any<br />
personal data within a company, and<br />
significantly, it will give individuals<br />
more influence over the information<br />
organisations hold on them, and how<br />
it is used. Businesses will need to<br />
ensure that individuals can withdraw<br />
their data sharing consent easily, and<br />
significantly, also have the right to<br />
have their records deleted promptly.<br />
Individuals will also be entitled to ask<br />
for a copy of all data being held in<br />
relation to them, and an explanation<br />
of what it is used for.<br />
IN BRIEF<br />
Tracking software product company<br />
Vismo, which offers a downloadable<br />
app for smartphones, iPhone and<br />
Android, and satellite phones, has<br />
gained ISO 27001 certification, the<br />
international standard for information<br />
security management ... The Cass<br />
Entrepreneurship venture capital fund<br />
has made a growth equity investment<br />
into lone worker safety app and<br />
cloud-based monitoring service<br />
StaySafe. p<br />
DECEMBER 2017 PROFESSIONAL SECURITY<br />
Accountable<br />
Those businesses that hold the<br />
original data will also be accountable<br />
for how any third parties use personal<br />
data, and could face penalties due to<br />
non-compliance by these others.<br />
Another key element for engineering<br />
services businesses is how data<br />
protection will interplay with the built<br />
environment, such as integrated<br />
technology and security systems<br />
within buildings. Crucially, the ability<br />
to identify an individual depends<br />
partly on data held, and partly on<br />
other data gathered by the building<br />
infrastructure and sensors. This<br />
information held could well qualify as<br />
‘personal data’.<br />
Example<br />
To give an example, physical access<br />
control if installed in a building will<br />
transmit, receive, store, and even<br />
remotely monitor data. The data<br />
produced from this alone may not<br />
identify the occupants. However, if<br />
access fobs are assigned or tagged to<br />
employees, or even if video,<br />
biometrics or facial recognition is<br />
used, then that stored information will<br />
become personal data, as individuals<br />
and their movements would be<br />
identifiable. Ensuring that intelligent<br />
installations can be protected against<br />
hacking could be significant to<br />
contractors and installers. If a system<br />
becomes compromised, then IT<br />
systems could be hacked and data<br />
stolen, destroyed or manipulated,<br />
thereby putting constructors and<br />
contractors at risk of non-compliance.<br />
Many engineering services businesses<br />
are already well placed to help clients<br />
with cyber issues from device<br />
selection and maintenance, to systems<br />
integration. However, taking full<br />
advantage of this opportunity will<br />
mean extending skillsets.<br />
Non-compliance<br />
If an organisation experiences a data<br />
breach, the GDPR requires this to be<br />
reported to stakeholders and the<br />
regulatory authorities within 72 hours<br />
of the breach being discovered. The<br />
Information Commissioner’s Office<br />
(ICO) can audit a business at any<br />
time from May 25, regardless of<br />
whether a breach has occurred. Noncompliance<br />
with the regulations could<br />
lead to significant fines of up to four<br />
per cent of revenue. While there is<br />
some commercially-driven hype<br />
about what’s needed for even small<br />
business to comply with GDPR, the<br />
new regulation will apply to the bulk<br />
of small and large businesses in our<br />
sector, and there is no room for<br />
complacency. The clock is ticking to<br />
May 2018 and new, practically useful<br />
personal data protection systems will<br />
need to be identified and set up. With<br />
this in mind, now is the time for<br />
businesses to consider what GDPR<br />
means for them, and to start creating<br />
what they need for compliance. p<br />
NSI GOLDS<br />
At the Plymouth-based security<br />
contractors Securi-Guard Fire<br />
and Security, its tech systems<br />
and guarding divisions have<br />
attained the new BS EN ISO<br />
9001:2015 International Quality<br />
Standard, after NSI audit.<br />
Pictured left to right are David<br />
Campbell Operations Manager<br />
– Security Guarding Serivces;<br />
Scott Boyd, MD Securi-Guard Fire and Security; and Bob Truesdale, Fire and<br />
Security Systems Manager. p<br />
www.professionalsecurity.co.uk<br />
p54 InstallA 27-<strong>12</strong>.indd 1 17/11/2017 19:11