Axxon One VMS GDPR Compliance

Privacy and Data Protection

Privacy Masking

Axxon One VMS includes advanced Privacy Masking capabilities, which automatically blur individuals and objects in video footage. This feature helps to ensure that personal data, such as identifiable facial features or license plates, is protected from unauthorized viewing.

Role-Based Access Control (RBAC)

The system employs a robust RBAC mechanism that restricts access to video footage based on user roles. Only authorized personnel can view unmasked video, ensuring that personal data is accessible only to those with a legitimate need.

Configurable Data Retention Policies

Axxon One VMS allows organizations to set data retention policies that automatically delete video footage after a specified period. This feature ensures that personal data is not kept longer than necessary, reducing the risk of misuse or unauthorized access.

Encryption and Secure Data Handling

The system implements strong encryption protocols for both data in transit and at rest, ensuring that video footage is securely protected from unauthorized access. By safeguarding personal data through encryption, Axxon One VMS reduces the potential impact on the data subject’s privacy and security.

Data Management and Compliance

Data Protection Impact Assessment (DPIA)

Axxon One VMS includes advanced functionalities such as facial recognition and AI-based analytics that may require a Data Protection Impact Assessment (DPIA) under GDPR Article 35. It is the responsibility of the Data Controller to conduct a DPIA when using Axxon One VMS in a way that could pose high risks to data subjects’ rights and freedoms.

Confidential and Tamper-Proof Video Data Export

Axxon One VMS ensures that exported video data, including privacy masks, remains confidential and tamper-proof. Exported video files merge video and privacy mask layers, making it impossible to remove privacy masks post-export. Only authorized roles can export unmasked video, and additional privacy masks can be configured if required.

Data Subject Access Rights

Axxon One VMS provides tools to easily locate and retrieve data related to specific individuals upon request, supporting compliance with Article 15 (Right of access by the data subject). It also allows personal data to be exported in a commonly used, machine-readable format, and options to permanently delete data upon request, ensuring compliance with the right to erasure (Article 17).

Security and Incident Management

Audit Logs

All user activities are logged, providing a detailed audit trail for transparency and accountability. Logs are protected against tampering, ensuring their integrity and reliability.

Incident Management

Axxon One VMS includes real-time alerts for immediate notifications of suspicious activities, facilitating a quick response to potential security incidents. Integrated tools for documenting and reporting security incidents ensure compliance with GDPR requirements.

Network Security

Network Features Supporting GDPR Compliance

Axxon One VMS includes several network features that enhance security and compliance with GDPR requirements:

• Secure Communication: The system supports Virtual Private Networks (VPNs) and TLS/SSL encryption to establish secure, encrypted connections between remote sites and the central server.
• Network Segmentation: Virtual Local Area Network (VLAN) support allows administrators to segment the network, isolating sensitive data and reducing the risk of data breaches.
• Intrusion Detection and Prevention: Integrates with Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) to detect and prevent network-based attacks.
• Network Monitoring: Provides tools for continuous network traffic monitoring to promptly detect and respond to incidents.