Security Check - Tip #1
"Your access control is only data protection compliant with a current software release."
Felix Hoellt, Deputy Vice President Product Management EAD Systems
Security Tips Legal security
Electronic access control and attendance recording solutions help you to protect sensitive data from unauthorised access. However, you should also keep in mind that they are processing person-related data on a daily basis. This applies to everyone who goes in and out of your company – employees, visitors and suppliers.
Time and again, I find that our customers regard electronic access control as an effective measure for complying with the data protection requirements. However, they are unaware that these systems must also be excluded from data misuse, and compliance with data protection must be ensured.
You need to be aware of and use the current state of the art
Hence my tip: if you want to be on the safe side, make sure you always have the latest software release for your dormakaba access solutions. Otherwise, there is the threat not only of vulnerabilities but also legal points of attack. If your software is up to date, security patches and the latest third-party software releases are supported, e.g. for your operating system or database. If you use cloud solutions, data security must also be guaranteed in the cloud.
The EU General Data Protection Regulation (EU GDPR) explicitly states that you should be aware of the current state of the art. In the event of monitoring by the supervisory authority, ignorance will not protect you from sanctions. Since May last year, penalties for data breaches may be as high as 20 million euros, or 4 per cent of global sales. You can find out more in our next Security Tip.
Data protection compliant access control is a question of technology and organisation
In recent months, we have advised many customers about the GDPR and its consequences for their access solutions. If they still had any doubts, we were able to show them whether or where action was needed.
Another important note: the latest technology and the latest software release will only benefit your company if your employees are aware of and trained in the topic of data protection. For example, if there are no password policies, if sensitive documents are not locked away or if computers are freely accessible, the door is open to data misuse.