Suprema does data protection

July 2018 Access Control & Identity Management, Security Services & Risk Management

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union as well as the export of personal data outside the EU. As an EU provider of biometric access control solutions, Suprema has anticipated the regulation by providing key technical features to comply with GDPR.

Recently showcased at IFSEC 2018 in London, Suprema provided a full demonstration of its GDPR-ready solution to help systems integrators and customers understand trusted best practices to keep people and organisations safe and secure.

When it comes to access control, GDPR requires that organisations implement appropriate technical and regulatory measures to provide security against certain risks. Suprema’s latest access control security solution now offers comprehensive GDPR-compliant features including:

• Secure biometric data protection through templates: Raw images of the fingerprints/faces are never stored in the device or server. All data is stored in templates, which are encrypted by 128 bit AES, 256bit AES, or DES/3DES depending on the designated storage location (i.e. device, server and/or smartcard).

• Protection against transactions, malware and data breaches: TCP communication of data within the system is secured using TLS 1.2 (including SSL/HTTPS). This ensures that no sensitive data is compromised during the communication between the devices and the central server.

• Physical protection of privacy data on edge devices: All Suprema devices are equipped with a secure tamper feature, which ensures the security of data stored in the devices. If the device is removed from the wall and tampered with, the secure data (biometric templates, user ID, logs) within the device will automatically be deleted.

• Personal data protection by ‘access on card’: With Access on Card (AoC) technology, Suprema provides system designers with the option to store personal data only on smartcards. All personal data and credentials are not stored on servers or devices, but only on his/her smartcard.

• Management of personal data lifecycle: In accordance with GDPR, Suprema makes it possible in BioStar 2 for event logs and data stored in the server to be automatically deleted after a certain period of time (set by the administrator). This is in line with the ‘right to be forgotten’ requirement in the GDPR.

• Authentication for data access: With the latest update of BioStar 2, Suprema’s open-architecture security platform, system administrators can fully customise an individual’s access rights, to personal data information, according to their organisational requirements.

• Providing proof of compliance: BioStar 2 delivers comprehensive audit logs.

For more information, contact Suprema, +27 11 784 3952, enquiry@suprema.co.za, www.suprema.co.za



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Disconnect between confidence in identity security and operational reality
Access Control & Identity Management News & Events
New FIDO Alliance and HID study reveals gap between identity security confidence and reality; 94% of enterprises claim they can revoke employee access within 24 hours, yet 35% experienced delays or failures in the past two years.

Read more...
Paxton Solo training available to security installers
Paxton Access Control & Identity Management News & Events
Following the launch of Solo, Paxton’s brand-new access control system, the security manufacturer is rolling out dedicated Solo training sessions across South Africa to support security installers working with the system.

Read more...
Echoes of 2018? Follow-up on Woolworths explosions
Technews Publishing News & Events Security Services & Risk Management Retail (Industry) Facilities & Building Management
SMART Security Solutions follows up with Jimmy Roodt to find out more about an old connection to the Woolworths bombings from 2018. The investigation remains ongoing.

Read more...
Next-generation cash-in-transit vehicle
News & Events Security Services & Risk Management
Fidelity Services Group has unveiled a new, purpose-engineered Cash-in-Transit (CIT) vehicle designed to redefine crew protection, deter threats, and enhance operational resilience in an increasingly complex criminal environment.

Read more...
AURA partners with Discovery to launch Discovery 911
News & Events Security Services & Risk Management
AURA has announced a partnership with Discovery Insure to power the security-response component of its new Discovery 911 virtual panic-button offering, which is available through the Discovery Insure app.

Read more...
Global security in 2026
Editor's Choice News & Events Security Services & Risk Management Industrial (Industry) Mining (Industry)
The World Security Report 2026 states: “In a world of increasing volatility, physical security has evolved. It is no longer just a defensive measure; it is a critical driver of corporate value.”

Read more...
Who is to blame for autonomous mistakes?
Editor's Choice Security Services & Risk Management Industrial (Industry) Mining (Industry)
Most supply agreements for AI-integrated equipment still closely resemble plant hire contracts from ten years ago: bilateral, human-focused, and silent on who bears the risk when a machine makes a decision on its own.

Read more...
Controlling access for people and vehicles
IDEMIA STid Security Technews Publishing Editor's Choice Access Control & Identity Management Asset Management Industrial (Industry) Mining (Industry)
When it comes to access control, the security requirements of mines and the industrial sector are similar, requiring a layered approach that combines physical barriers, digital authentication, and continuous monitoring to protect personnel, assets, and operational continuity.

Read more...
The post-Q1 security checklist
Asset Management Security Services & Risk Management
By this time of year, employees have changed jobs or roles, suppliers may have changed, and devices have moved between offices, homes, and sites. This is the right time for businesses to run a practical post-Q1 security check.

Read more...
PoPIA turns its attention to gated access
News & Events Security Services & Risk Management
The Information Regulator has gazetted its proposed Code of Conduct for the processing of personal information at gated access points. At 65 pages long, the code signals a significant shift in how personal information is collected and managed at entry points.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.