After four years of preparation and debate the General Data Protection Regulation (GDPR) was finally approved by the EU Parliament on 14 April 2016. The Regulation was adopted and published on 27 April 2016 and will be enforceable on and from 25 May 2018. The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU) whilst addressing the export of personal data outside the EU. It regulates the EU citizen data in every part of the world and in every organization processing or storing an EU Citizen’s data. The EU GDPR replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy. This new law will have a profound impact on the operational and control environment of the organisations, not only within EU but also within the organisations based outside the EU including India. It extends the scope of EU data protection law to all foreign companies processing data of EU residents. It provides for a harmonization of the data protection regulations throughout the EU, thereby making it easier for non-European companies to comply with these regulations. However, in some areas, the precise interpretation of the GDPR remains unclear, and businesses therefore face uncertainty in terms of their compliance obligations. To address this issue, the GDPR is supplemented by guidance issued by the Article 29 Working Party (WP29), an advisory body made up of representatives of the national Data Protection Authorities of each EU Member State. Provision for Data Protection Officer (DPO) The GDPR has a mandatory provision for the appointment of Data Protection Officer by pertinent organisations. The role of Data Protection Officer (DPO) is an important GDPR innovation and a cornerstone of the GDPR’s accountability-based compliance framework. In addition to supporting an organisation’s compliance with the GDPR, DPOs will have an essential role in acting as intermediaries between relevant stakeholders e.g., supervisory authorities, data subjects and business units within an organisation. All organisations who will be required by the GDPR to appoint a DPO should do this as soon as possible and well in advance of May 2018. With the authority to carry out their critical function, the Data Protection Officer will be of pivotal importance to an organisation’s preparations for the GDPR and meeting the accountability obligations. A DPO may be a member of staff at the appropriate level with the appropriate training, however, GDPR also provides for an option of an external DPO who will be shared by a group of organisations. It is important to note that DPOs are not personally responsible where an organisation does not comply with the provisions of GDPR. The GDPR makes it clear that it is the Controller or the Processor of the organisation who is required to ensure and to be able to demonstrate that the processing is in accordance with the GDPR. Data protection compliance is ultimately the responsibility of the Controller or the Processor. Who needs a DPO For the first time Data Controllers as well as Data Processors are required to appoint a Data Protection Officer in three situations as per Article 37(1) of the GDPR. Where the processing is carried out by a public authority or body Any organisation that is a public authority or a public body must appoint a DPO. However, the GDPR does not define the expression ‘public authority or body.” Rather, the GDPR leaves it to each EU Member State to determine which organisations are public authorities and public bodies. Where a private business performs outsourced public functions on behalf of a public authority or a public body, the WP29 recommends that such business should appoint a DPO, not merely in relation to those outsourced public functions, but also in relation to all of the other data processing activities of that business, including processing activities that are unrelated to the outsourced public functions. Where the core activities of the Controller or the Processor comprise processing operations, which require regular and systematic monitoring of data subjects on a large scale Under this provision companies whose primary activities involve processing personal data on a large scale for the purposes of behavioural advertising, online tracking, fraud prevention, detection of money laundering, administering loyalty programs, running CCTV systems, monitoring smart meters etc., will be caught by the DPO requirement. Core activities can be defined as the key operations necessary to achieve an organisation’s (Controller or Processor’s) goals. For example, a private security company which carries out surveillance of private shopping centres and/ or public spaces using CCTV would be required to appoint a DPO as surveillance is a core activity of the company. On the other hand, it would not be mandatory to appoint a DPO where an organisation undertakes activities such as payroll and IT support, as while these involve the processing of personal data, they are considered ancillary rather than core activities. Where the core activities of the Controller or the Processor consist of processing on a large scale of special categories of data or personal data relating to criminal convictions and offences Article 37(1)(b) and (c) requires that the processing of personal data be carried out on a large scale in order for the designation of a DPO to be triggered. Article 37(1)(c) addresses the processing of special categories of data pursuant to Article 9, and personal data relating to criminal convictions and offences set out in in Article 10. Qualifications Article 37(5) of the GDPR provides that a Data Protection Officer shall be designated on the basis of professional qualities, and in particular, expert knowledge of data protection law and practices, and the ability to fulfil the tasks referred to in Article 39. “It is important to note that DPOs are not personally…

Video management software has become an indispensable part of security and surveillance applications. With the advent of cloud-based video surveillance, the power of VMS cannot be limited to just video monitoring. The new age VMS systems with intelligent video analytics are capable of offering much more than surveillance. The cloud-based VMS systems not only fulfill comprehensive surveillance needs of the businesses, but also complement other business processes, which may directly or indirectly reflect into the business ROI. Whether it is a new VMS installation or upgradation of an existing VMS system, enterprises (considering their business processes to be more interactive, connected and integrated) prefer their on premise or remote business systems to be integrated with the cloud-based Video management software. Since every business and its processes are different, the video surveillance needs of the enterprises also vary from each other. With the availability of flexible and customized video surveillance and analytics services, enterprises find it challenging to pick suitable thirdparty systems and apps to support their preferred VMS system. Therefore, most of the enterprises are shifting towards Video Surveillance-as-a-Service with their system integrators or VMS service providers. Most of the VMS service providers and system integrators are offering an open source or vendor independent cloud-based video management software to their clients for the obvious reason of making VMS compatible with third-party systems and applications. Why do third-party systems need to be compatible with video management software The third-party systems in VMS can be defined as any of the systems, applications or devices used to support and enhance the functionality of a video management software in order to improve the security and business processes of an enterprise. There are hundreds of companies manufacturing security and surveillance devices (like IP cameras, NVRs, Audio Devices, GPS systems etc.), but all the available devices are not necessarily compatible with the video management software preferred by the companies. Therefore, it is very important for VMS service providers or system integrators to check the compatibility of the surveillance software with the available thirdparty devices required for the project. Types of third-party systems and applications for VMS solution Third-party systems for a video management software are either physical devices installed at the surveillance location and office premises or widgets/ applications embedded in a video management software to enable intelligent video analytics. These systems and applications can be classified into two major categories; one as the systems for security and surveillance, and other as the system for supporting and enhancing business processes. Let us discuss them in detail. Security and surveillance systems Most of the third party systems and applications for security and surveillance are common across industries and are necessarily required to be part of a video management software. IP cameras An IP camera is a primary and mandatory requirement of any VMS system. A cloud-based video management software should support all types of IP cameras (Wired and Wireless cameras, PTZ, 360 degree, night vision, autofocus cameras etc.) from the major players/ manufacturers of the industry. VMS systems for customized surveillance projects must support IP cameras with open standards-based application programming interface (API), which allows system integrators to program the cameras for specific applications. IP surveillance cameras for video surveillance software must support multiple video streams and video compressions (H.264, MJEPEG) to send the video data with low latency. ONVIF support of the IP cameras with VMS systems can be an added advantage for the surveillance project. Access control devices Access control devices integrated with video management software provide physical security to any place or premise secured by the system. Integration of VMS with access control devices allows users to monitor, control and analyze multiple access points in real time, track the number of times access granted by the devices and react immediately in case of any event is triggered. Video surveillance along with access control helps in intrusion management, biometric attendance management and identity management. Fire and smoke detectors Fire and smoke detectors are the devices, which essentially need to be integrated with the VMS system of an enterprise. Large sized enterprises can have a large number of smoke detectors, which in case of fire, trigger the fire alarms of the building. An integrated fire alarm system with VMS allows a user to quickly identify and view the location of the fire alert. A quick response to such an emergency can help in saving lives and business assets. Video analytics for security & surveillance Video analytics in a VMS solution are a result of the structured algorithm of the software and many times inbuilt functionality of the devices connected to the VMS system. Video analytics for security and surveillance can be motion detection to prevent unauthorized access in restricted areas, perimeter protection to protect the virtual/ physical boundary within the enterprise, object detection, face recognition, people counting etc. A well-connected video management software with other surveillance and business-related devices can allow users to have complete control over business processes with security solutions and helps in improving the customer’s experience with the enterprise. Third party systems supporting business processes Cloud-based video management software is a well-accepted solution for security and surveillance across industries. Moreover, its structure of assimilating the functionalities of other business supporting systems enhances its business management capacity, incredibly. It empowers its administrators to have an inclusive approach to managing their business processes optimally without compromising on safety and security. Let us discuss the third party systems (used in different industries) that can be integrated with a VMS solution to enhance the business processes. Retail Third party systems and applications of a retail video management software are helpful for both employees of the retail stores and the customers visiting the stores. Here are some of the important systems to be integrated with retail video management software: Point of sale (POS systems): Integration of VMS with POS of any retail store can help in checking the fraudulent activities done by shoplifters or employees in a retail store. At POS, a customer pays for the shopped products,…