Uniview was the first company in the security industry to sign a strategic partnership agreement with TÜV Rheinland to work on certification of product privacy protection derived from the General Data Protection Regulation. Uniview has now passed TÜV Rheinland’s test and has been awarded the first certification of GDPR compliance in the global video surveillance industry.
What is the GDPR?
The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. The GDPR is a replacement of the 1995 Data Protection Directive (Directive 95/46/EC).
The GDPR becomes effective on May 25th, 2018. It grants individuals new rights and requires a high level of corporate accountability.
The GDPR applies to any organization that has access to the personal data of EU citizens and residents. Companies that fail to comply risk a fine of up to €20 million or, in the case of an enterprise, up to 4% of the annual worldwide turnover of the preceding financial year, whichever is greater.
Personal Rights under GDPR regulations
Personal data within video surveillance could be defined as information that could identify an individual.
All EU residents have the following rights regarding personal data:
- Right to consent: the individual is informed in a clear and concise manner of what is being collected and how it is being processed, and this consent can be withdrawn
- Right to access: right to know what’s been collected and how it’s being processed
- Right to correction: right to restrict data processing or right to demand correction of inaccuracies in the individual's personal data stored on the server
- Right to data portability: the individual is entitled to a copy of his/her data in a generally accepted data format
- Right to data erasure: right to have his/her data deleted or blocked, depending on the situation
To exercise the rights listed above, please contact our Data Protection Team (security@uniview.com) or your local dealer for more details.
Corporate Accountabilities under GDPR Regulations
Companies should establish a complete mechanism to comply with the following principles or obligations:
- Data protection by design and by default: privacy by design requires that privacy controls be embedded in the design of data processing and products, and that data protection be considered throughout the lifecycle of any product. Privacy by default means the strictest privacy settings are configured to inherently prevent the risk of a personal data breach.
- Limit processing and limit access: limit processing means personal data is not processed unless necessary for specific and specified purposes, and the company has a mechanism to ensure that only authorized users can access the data
- Limit data collection: collection of personal data is minimized to what is necessary for specific and specified purposes, and the data processor should not keep any personal data longer than necessary
- Data protection impact assessments and prior consultation: prior consultation with the relevant supervisory authority should be conducted if data processing is likely to result in a risk of personal data breach
- Appointment of Data Protection Officer (DPO): a security leadership role in the company with the right to supervise data processing and data protection improvement projects to ensure the company is in compliance with GDPR requirements, and to communicate with the Data Protection Authority (DPA)
- Continuous assessment and records of processing activities: the company should keep records of all data processing activities and conduct continuous testing, assessment, and evaluation of products to prevent potential personal data breach risk
- Breach notification: breaches must be reported to a DPA within 72 hours of becoming aware of the data breach, and data subjects must be informed through a public communication or similar measure
Uniview Data Safety Assurance Measures
Uniview is fully aware of the severe impact or damage of any potential data leakage. Its data protection mechanism is carefully designed during the development stage and thoroughly verified during the testing stage.
- Uniview performs periodic and continuous vulnerability scanning on every product from both software and code aspects. All test reports are fed into the update management system once a potential vulnerability is discovered, and Uniview has a full-time security team to track all improvement projects. All testing reports and related safety improvements are properly and fully recorded for later review or investigation if needed.
- All UNV IP cameras sold in Mainland China have passed the China Information Security Certification Center (CISCC) Reference Laboratory for Information Security Test.
- When users return a UNV device for repair or replacement, the device is restored to factory settings and all personal data and configurations are erased completely and cannot be restored. This requirement also applies to Uniview local dealers.
- Uniview has a complete response mechanism in case a data safety issue occurs: Uniview will release related information, update plans and links on its website, and inform data protection supervisory bodies or authorities within 72 hours.
Recommendations for Self-protection on Data Security
- Check and update devices promptly to get the latest security protection; visit www.uniview.com to get the latest software version
- Change passwords periodically and keep passwords and devices in a secure place. Uniview highly recommends that users use a strong password that is at least 8 characters long and includes at least two of the following: capital and lowercase letter, number, underscore and hyphen
- Configure an IP address whitelist to specify which IPs can access the devices
Uniview and GDPR Compliance
Uniview is the pioneer and leader of IP video surveillance. Uniview has complete IP video surveillance product lines including IP cameras, NVR, Encoder, Decoder, Storage and Client software and app, covering diverse vertical markets including retail, building, industry, education, commercial, city surveillance etc.
Uniview has always been committed to the protection of personal privacy and data security. UNV products have been designed and manufactured to satisfy the principles of legality, fairness, and transparency in terms of personal data processing. Much effort has been made to keep personal data secure and to be in compliance with GDPR.
For any query on data processing or any data safety suggestion, please email our Data Protection Team: security@uniview.com
About TÜV Rheinland
TÜV Rheinland is a global leader in independent inspection services, founded 145 years ago. The group employs 19,700 people around the globe. Annual revenue is more than EUR 1.9 billion. The independent experts stand for quality and safety for people, technology and the environment in nearly all industrial sectors and areas of life. TÜV Rheinland inspects technical equipment, products and services, and oversees projects, processes and information security for companies. Its experts train people in a wide range of careers and industries. To this end, the company operates a global network of approved labs and testing and education centers. Since 2006, TÜV Rheinland has been a member of the United Nations Global Compact to promote sustainability and combat corruption.