Dallmeier’s easy implementation of GDPR-compliant video security equipment

Product Profile

The EU General Data Protection Regulation (EU GDPR) affirms the great importance of data protection and data security, but does not spell out any regulations relating specifically to video security systems. With the 14 functions of the Dallmeier module, businesses can configure their video systems individually so that each is compliant with the requirements of the EU GDPR.

The video solution must satisfy the criteria for data protection

With regard to data protection, which is to say the safeguarding of data protection principles and the rights of data subjects, Dallmeier offers four components, specifically the pixellation of entire individuals by “people masking”, the setup of “private zones” in the captured image to render public areas invisible for example, and the definition of the maximum storage duration for each camera. Optionally, Dallmeier customers can also use a detailed virtual 3D simulation as early as the project planning stage to define which areas are not significant for data protection purposes due to image quality. 

Data security is paramount in the EU GDPR – for video as well

For the requirements of data security, i.e. the protection of confidential or personal data from manipulation, loss or unauthorised access, the Dallmeier module offers ten functions in all. On the network level, the Dallmeier module provides authentication according to IEEE 802.1X, end-to-end encryption with TLS 1.2 / 256-bit AES in current Dallmeier systems, and with the “ViProxy” function, Dallmeier recording appliances fulfil the role of security gateway for the video system. Furthermore, all hardware, software and firmware solutions are developed in-house, which eliminates the possibility of hidden access through backdoors. 

On the recording level, compliance with EU GDPR regulations is guaranteed by the optional “dual control principle” for viewing recordings, the specification of recording time for each user group with “MaxView” and user group administration via AD/LDAP. Reliable detection and prevention of connection attempts is assured by the “Fail2Ban” function, corresponding failover and redundancy mechanisms during recording protect against data losses. Finally, LGC certification ensures that all criteria for judicial usability are fulfilled in the preservation of evidence. 

“It is no secret that the ultimate interpretation of the EU GDPR in practical implementation is in no way defined conclusively and will continue to be debated and defined intensely by the national and European data protection oversight authorities until long after the end of 2018”, says Jürgen Seiler, managing director of the Dallmeier consulting subsidiary davidiT. “Consequently, the best and simplest way to approach video security is to implement solutions which already provide the answers to all of the requirements that can be anticipated. With the 14 functions of our combined data protection and data security module, customers receive access to precisely this functional range in a form which is easy to both manage and configure.” 

Comprehensive brochure and webinar with solution and application demo on the subject

A comprehensive brochure on the subject is available and a webinar on the data protection and data security module will be presented on July 19th 2018 at 05:00 pm CET for interested decision makers and technicians. The webinar will provide a general overview of the topic and of the various functions and their configuration. Brochure and registration link can be found at:

https://www.dallmeier.com/en/events/webinars/information-on-eu-gdpr-and-video-security.html

Read more

Technical Specification

Make Dallmeier
Manufacturer Dallmeier electronic GmbH & Co.KG
Model code GDPR module
Additional info
  • Pixellation of entire individuals with “People Masking“
  • Setup of “Private Zones“
  • Specification of the storage period for each individual camera and recording track to guarantee deletion upon fulfilment of purpose
  • Rendering areas that are insignificant for legal data protection purposes visible with detailed, virtual 3D-simulation as early as the project planning stage
  • “Dual control principle“
  • User group management with AD/LDAP
  • A secure network authentication procedure according to IEEE 802.1X
  • End-to-end encryption with TLS 1.2 / 256 bit AES
  • Specification of the recording time for each user group.
  • Reliable detection and prevention of attempts to connect in the course of hacker attacks.
  • Capability to use recording appliances as the security gateway to the video system.
  • Development of all hardware, software and firmware solutions in-house, thereby preventing any hidden access potential via backdoors, and hardened operating systems
  • Failover and redundancy mechanisms against data loss
  • LGC certification for preservation of evidence
Download PDF version

See also