printer friendly version

Suprema does data protection

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union as well as the export of personal data outside the EU. As an EU provider of biometric access control solutions, Suprema has anticipated the regulation by providing key technical features to comply with GDPR.

Recently showcased at IFSEC 2018 in London, Suprema provided a full demonstration of its GDPR-ready solution to help systems integrators and customers understand trusted best practices to keep people and organisations safe and secure.

When it comes to access control, GDPR requires that organisations implement appropriate technical and regulatory measures to provide security against certain risks. Suprema’s latest access control security solution now offers comprehensive GDPR-compliant features including:

• Secure biometric data protection through templates: Raw images of the fingerprints/faces are never stored in the device or server. All data is stored in templates, which are encrypted by 128 bit AES, 256bit AES, or DES/3DES depending on the designated storage location (i.e. device, server and/or smartcard).

• Protection against transactions, malware and data breaches: TCP communication of data within the system is secured using TLS 1.2 (including SSL/HTTPS). This ensures that no sensitive data is compromised during the communication between the devices and the central server.

• Physical protection of privacy data on edge devices: All Suprema devices are equipped with a secure tamper feature, which ensures the security of data stored in the devices. If the device is removed from the wall and tampered with, the secure data (biometric templates, user ID, logs) within the device will automatically be deleted.

• Personal data protection by ‘access on card’: With Access on Card (AoC) technology, Suprema provides system designers with the option to store personal data only on smartcards. All personal data and credentials are not stored on servers or devices, but only on his/her smartcard.

• Management of personal data lifecycle: In accordance with GDPR, Suprema makes it possible in BioStar 2 for event logs and data stored in the server to be automatically deleted after a certain period of time (set by the administrator). This is in line with the ‘right to be forgotten’ requirement in the GDPR.

• Authentication for data access: With the latest update of BioStar 2, Suprema’s open-architecture security platform, system administrators can fully customise an individual’s access rights, to personal data information, according to their organisational requirements.

• Providing proof of compliance: BioStar 2 delivers comprehensive audit logs.

For more information, contact Suprema, +27 11 784 3952, [email protected], www.suprema.co.za

Share this article:

Further reading: