The initials GDPR have become synonymous with the need for companies within the European Union to provide consumers greater transparency and better control over their personal data. The General Data Protection Regulation (GDPR) has also increased awareness of privacy concerns around the world.

It’s not the only factor highlighting a need for greater privacy – high-profile privacy breaches by companies such as Facebook are also driving the trend. But GDPR’s global impact cannot be denied.

In fact, no company should assume that the need to address “GDPR-style” requirements is limited to the EU. As awareness has extended to the four corners of the globe, it has emboldened a new wave of laws and regulations that physical security companies ignore at their own peril. GDPR has increased awareness of privacy concerns around the world, and encouraged other areas to take notice

GDPR also regulates how and if data about EU citizens can be transferred outside EU member states’ borders; the receiving country should have equal or better data protection laws in place. This factor also expands the potential impact of GDPR globally.  

California's Consumer Privacy Act 2020

California, which has the world’s fifth largest economy, passed a law this year that some have called “GDPR Lite.” The law gives the state’s 40 million residents the right to view private data held by companies, to correct it, to request that it be deleted and to keep it from being sold to third parties. California’s Consumer Privacy Act takes effect in 2020 and could be amended in the interim.

The California law was passed quickly – and unanimously – by the state Assembly and Senate and was signed by Gov. Jerry Brown when it became clear that a ballot initiative was being organized to address the issue of privacy. In California, initiatives can be placed on the ballot by collecting signatures to require a direct vote by the electorate. Once passed, ballot initiatives are difficult to amend, requiring a two-thirds vote of state lawmakers. By passing the law, California’s legislature averted a proposed privacy initiative on the fall ballot.  GDPR also regulates how and if data about EU citizens can be transferred outside EU member states’ borders

There are differences in the California law and the European Union’s GDPR. For example, the California law only applies to companies that have annual gross revenues in excess of $25 million, that hold data on more than 50,000 people or that derive more than 50% of their annual revenues from the sale of personal information. Therefore, most small businesses are immune to the law’s requirements. However, the existence of the California law is a harbinger of more regulations to come, on the state or federal level.  

In another development related to the physical security industry, California has passed an Information Privacy: Connected Devices bill that requires electronics manufacturers to equip Internet of Things devices with “reasonable” security features – no more passwords such as “admin,” “password,” or “1234.”

data protection California physical security
California’s Consumer Privacy Act is modeled under the General Data Protection Act 

Expanding the definition of personal information 

Other states are also getting involved. All 50 U.S. states have enacted breach notification laws requiring businesses to notify consumers if personal information is compromised. For example, Alabama’s new law, passed in June, applies to “unauthorised acquisition of sensitive personally identifying information in electronic form.” Many state laws are expanding the definitions of personal information and increasing cybersecurity requirements as they relate to that information. Globally, rapidly growing adoption of data protection laws is often modeled on regulations such as GDPR

The problem with a “patchwork” of state requirements is the possibility that businesses may be caught unaware when state laws have different specific requirements addressing the same general mandate. At the federal level, there have been calls for a data breach notification bill that would provide a single set of rules for organisations to follow.  

In general, privacy is seen differently in the U.S. than in the E.U., due in part to history and a U.S. commitment to the First Amendment. The U.S. also tends to address privacy rights based on the category of information being considered; i.e., HIPAA requirements cover health information and the Gramm-Leach-Bliley Act regulates financial information.

Globally, rapidly growing adoption of data protection laws is often modeled on regulations such as GDPR or on the Organization for Economic Co-operation and Development (OECD) Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. According to the United National Conference on Trade and Development, more than 100 countries around the world now have data protection legislation in place.

Protecting and managing data

All 50 U.S. states have enacted breach notification laws requiring businesses to notify consumers if personal information is compromisedWhen you consider the impact GDPR has had on the physical security market, the possible new hurdles can boggle the mind as additional privacy requirements take hold in the U.S and around the world. Challenges range from worries about management of access control and video surveillance data to concerns about biometrics. The success of new technologies using artificial intelligence (AI) depend on access to large data sets, so ensuring that data is protected and managed correctly is paramount.

The genie is out of the bottle. GDPR may be driving the first wave of privacy concerns, but there is much more to come. Anyone who dismissed GDPR as a “European” factor is missing an opportunity to address issues proactively and to ensure optimum management of data privacy and transparency in the future.

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version Download PDF version

Author profile

Larry Anderson Editor, &

An experienced journalist and long-time presence in the US security industry, Larry is's eyes and ears in the fast-changing security marketplace, attending industry and corporate events, interviewing security leaders and contributing original editorial content to the site. He leads's team of dedicated editorial and content professionals, guiding the "editorial roadmap" to ensure the site provides the most relevant content for security professionals.

In case you missed it

Intersec 2021 cancelled, Messe Frankfurt announces that Dubai trade fair will now take place in January 2022
Intersec 2021 cancelled, Messe Frankfurt announces that Dubai trade fair will now take place in January 2022

Intersec, the world’s renowned security, safety, and fire protection trade fair, has been rescheduled to take place in January 2022, organiser of the trade event, Messe Frankfurt Middle East confirmed on September 24, 2020. The 23rd edition of the three-day event was originally set to run from January 24-26, 2021, at the Dubai World Trade Centre, in Dubai, UAE. However, the event has now been moved to 2022, after extensive consultation with key industry stakeholders. Intersec Dubai 2022 “We’ve spoken to many of our exhibitors, industry trade associations, supporters, and partners over the last couple of weeks and have heard first-hand the many challenges they’re facing putting pressure on their ability to participate at Intersec in January 2021,” said Alexandria Robinson, Intersec’s Show Director at Messe Frankfurt. He adds, “Moving Intersec to its customary January dates in 2022 at the Dubai World Trade Centre will allow time for recovery.” Webinar series in 2021 Ms. Robinson said Intersec will be very active throughout 2021, via its ongoing webinar series Ms. Robinson said Intersec will be very active throughout 2021, via its ongoing webinar series, while the team is now working towards creating a virtual event early next year, so as to engage industry leaders, regulators, government agencies and opinion formers. “We might be restricted physically, but we know there is a definitive need for critical conversations and discussions to address the challenges the industry has faced,” said Robinson. Digital forum to share ideas and solutions He adds, “By hosting these talks via a digital forum, it enables us to keep connected to the industry and nurture our existing relationships, whilst sharing solutions and common goals. We’ll share further details and plans about the digital event in the coming weeks.” Intersec’s popular free-to-attend webinar series, of which there’ve been 11 so far in the last four months, have kept thousands of attendees abreast of the latest industry trends and opportunities. Ensuring safety in COVID-19 pandemic period “We know we have a vital role to play in connecting and supporting the industry, and the Intersec webinars stimulate meaningful conversations, collaborations and success stories,” stated Robinson, adding “We will continue to run these and support our stakeholders in every way possible until we meet again personally, and safely, at Intersec 2022.” She further said, “One thing is absolutely certain, our community is resilient and will bounce back. It has been involved in many frontline situations throughout the course of this year and it will continue to play a critical role in the months ahead. Throughout 2021 and come January 2022, we’ll have much to share and learn from each other.” Intersec 2020 Intersec in 2020 featured 1,100 exhibitors from 56 countries, while attracting 33,872 visitors from 135 countries. The global industry event is supported by Dubai Civil Defence, Dubai Police, the Security Industry Regulatory Agency (SIRA), Dubai Police Academy and Dubai Municipality.

What is the role of higher education to create next-gen security leaders?
What is the role of higher education to create next-gen security leaders?

Traditionally, security industry professionals have often come from backgrounds in law enforcement or the military. However, the industry is changing, and today’s security professionals can benefit from a variety of backgrounds and educational disciplines. The industry’s emphasis on technology solutions suggests a need for more students of computer science, engineering and other technology fields. The closer integration of security with related disciplines within the enterprise suggests a need to prepare through a broad array of educational pursuits. We asked this week’s Expert Panel Roundtable: What is the role of higher education to create the next generation of physical security leaders?

Transport security: utilising the cloud to manage passenger flow and improve health & safety
Transport security: utilising the cloud to manage passenger flow and improve health & safety

Throughout the COVID-19 pandemic, ensuring the safety of passengers and staff aboard public transport has been an ongoing concern. The scenes of underground trains, still packed with commuters as infection rates soared, will have raised alarm bells with bus and train managers, transport officials and government representatives alike. Now, as infection rates hold steady and people slowly return to the workplace, a rise in commuter levels, coupled with a need for strong infection control protocols, is putting a strain on an already overburdened transport system. Managing passenger flow through bus terminals and train stations, while ensuring adherence to social distancing and mask-wearing policies, can be a difficult task. On buses and trains, staff have the unenviable task of challenging any individual who flouts the rules, while attempting to maintain safe operation for the benefit of all passengers. This is where advances in digital surveillance technologies can play an important role in enhancing security, improving operations and supporting the customer facing teams in their day to day roles.  The power of the cloud Keeping businesses afloat and people connected throughout the pandemicCloud or hosted technology has played an important part in keeping businesses afloat and people connected throughout the pandemic. When it comes to physical security such as video surveillance and access control, today’s cloud-enabled systems are far removed from the outdated CCTV and manual access control technologies employed in the past. Cloud connectivity brings with it many benefits, from a security, operational and also business intelligence point of view, thanks to the powerful data that these solutions produce which can be used to inform decision making. The advantages of cloud-based physical security technologies are many, and have wide ranging applications for all areas of the transport sector; across stations, transport hubs and vehicles. When used to support staff and complement existing processes, such systems can prove invaluable for transport professionals in helping to create a safer working environment, promoting confidence among personnel and passengers, and assuring passengers who are fearful about the current pandemic that all possible precautions are being taken during their journey. Managing occupancy across bus and rail Monitoring the movement of staff and passengers is an essential part of being able to maintain a safe operation. Through the utilisation of surveillance cameras at entrances and exit points, as well as at key areas within transport terminals and on the transport mode itself, occupancy thresholds can be determined to ensure passenger numbers do not exceed safe limits. Network surveillance cameras, accessed via mobile device, can enable transport officials to check passenger flow in real-time, while live alerts to warn that health and safety protocols are being breached, enable swift drafting of security or operations personnel to address the situation. Live alerts to warn that health and safety protocols are being breached Through internet of things (IoT) connectivity, additional devices can be easily added to complement the surveillance solution and unlock further benefits. Network audio speakers can be triggered to play pre-recorded messages to alert or inform passengers. Similarly, frictionless access control, enabling customers and staff to move ‘hands-free’ through gateways and ticket checkpoints to avoid viral spread, is made possible by having an access reader which is activated, for example, via QR codes on a mobile phone. And when access readers are integrated with surveillance cameras, this will act as a second layer of authentication to grant or refuse access based on valid staff credentials. Improving security in challenging times Such technologies, interconnected and able to share data, can be used to more effectively report in real time on activity that threatens to have an adverse effect on passengers, staff and the transport environment. Significant parts of the rail network are relatively unmonitored, and inevitably these areas are more vulnerable to vandalism. Similarly, on bus services, abuse of passengers and staff, and acts of criminal behaviour remain a concern. By alerting security staff to a developing situation before it occurs, an incident can be dealt with quickly, minimising disruption to transport services. Cloud based technology can be relied on Cloud based technology can be relied on to not only help improve current services, around passenger occupancy in the current pandemic, but also to help transport officials plan for the security challenges of the future. Simple customisation and easy scalability, plus software upgrades and firmware updates to ensure the system is always up to date and operational, form essential components of a future proof solution which is capable of bringing peace of mind to the transport industry. Additionally, predicted future benefits include the potential for customers to check transport occupancy levels via a mobile app. This would inform them of particularly busy times of passenger transit, allowing more choice over when and where to travel based on real-time data, and ultimately helping to even out passenger numbers to balance journeys and greatly improve efficiency and flow. In a busy world where the demands on our rail and bus networks are now impacted by the COVID-19 pandemic, and indeed the possibility for further related challenges in the future, such cloud-connected technologies represent a worthwhile investment.