In the VMS context, this is often not fulfilled due to overriding legitimate interests (fraud detection, health, and safety) or other business purposes stated in the Video surveillance policy (see Right to be forgotten (Right to erasure) and Appendix: Video surveillance policy). Some companies offer blurring as a service (for example, FACIT Data Systems).Īccording to Article 17 of the GDPR, the data subject has the right to ask for the deletion of their data. Alternatively, blurring can be added to single images or video streams either manually or assisted after export. Several Milestone technical partner solutions for dynamic blurring of all or other persons before export can be found on Milestone Marketplace. More so, XProtect VMS does not support the masking of other persons who are moving who are recorded together with the claimant for the right of access. In the VMS context, see Appendix: On-the-spot notice. The data subject is granted the right to ask a company for information about what personal data (about him or her) is being processed and the rationale for such processing.īecause XProtect VMS does not support automatic identification of individuals, you must put in place additional measures to safeguard the individuals’ rights. Masking individuals in the case of accessĪccording to Article 15 of the GDPR, the data subject has the right to get access to his or her personal data that is being processed, for example, video recordings of the data subject. Please be aware: Unencrypted and non-secured transport of video data would violate the EuroPriSe seal and lead to the loss of the EuroPriSe privacy seal compliance. For information about securing your XProtect VMS installations, see the hardening guide and the certificates guide. Use a VPN encrypted network or similar if using Smart Client or Smart Wall from a remote location.Įnable encryption for all communication. It is recommended that XProtect Smart Client and XProtect Smart Wall are on the same VLAN as the servers. It is recommended that you set the cameras on separate VLANs and use HTTPS for your camera to recording server communication, as well as clients to recording server communication. Milestone recommends that you select cameras that support HTTPS. Secure network for authentication and data transmissionĭesign a network infrastructure that uses physical network or VLAN segmentation as much as possible. If you are upgrading a Milestone XProtect VMS installation version 2018 R2 or earlier, the old log files must be deleted manually for the installation to be GDPR compliant.Īfter you have upgraded the XProtect VMS, the old log files can be deleted using the information and the tool described in this Knowledge Base article.
This does not install the Mobile Server.Īfter the XProtect VMS has been installed, the download page on the Management Server will list the additional DLNA Server and Mobile Server components. Instead, install the XProtect VMS system with either the Distributed or Custom options. This means that when you install the XProtect VMS, do not use the Single computer option in the installer, because it automatically installs the Mobile Server. These functionalities are also not compliant with the European Privacy Seal. In addition, the standard product does not perform facial recognition, behavior analysis, automatic tracking or recognition of persons in the live feed or the recorded media. Processing of data from input and output devices (disabled by default)įor the Milestone XProtect VMS installation to be covered by the European Privacy Seal, these components must not be installed.Processing of metadata (disabled by default).Processing of audio data (disabled by default).Milestone Open Network Bridge (secure private-to-public video integration).XProtect Transact (disabled by default).خادم XProtect Mobile (disabled by default).Plug-ins available on Milestone marketplace.The following components are not covered by the European Privacy Seal: A data controller / data processor deviating from these requirements cannot point out that he or she is using a product that especially facilitates data protection and GDPR compliance.Ĭomponents and devices that are not covered by the European Privacy Seal Please be aware: This section describes requirements and restrictions to be a European Privacy Seal (EuroPriSe) certified product.
Appendix: The Milestone XProtect VMS system and GDPR