Learn how Suprema can help you
to prepare for GDPR compliance

When it comes to access control, GDPR requires organizations to implement appropriate technical and regulatory measures to provide a level of security against certain risks. Suprema’s latest access control security solution now provides comprehensive GDPR-compliant features.

What is GDPR?

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). Effective from May 25, 2018, GDPR also addresses the export of personal data outside the EU and EEA. The GDPR aims primarily to give citizens and residents control over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. Fines for offences related to non-compliance with key provisions will be up to 4% of annual revenue or 20 million Euros, whichever is greater.

Start preparing for the GDPR

No element of security can stand alone. Physical security systems have many dimensions that must be considered. As a leader in biometrics and security, Suprema has seven significant things that you need to know.

  • Secure biometric data protection by templates

    Raw images of fingerprints and faces are never stored in the device or server. All data is stored in templates, which are encrypted with 128-bit AES, 256-bit AES, or DES/3DES depending on the designated storage location (i.e. device, server and/or smart card).

  • Protection against transactions, malware and data breaches

    TCP communication of data within the system is secured with the use of TLS 1.2 (including SSL/HTTPS). This ensures that no sensitive data is compromised during the communication between the devices and the central server.

  • Physical protection of privacy data on edge devices

    All Suprema devices are equipped with a secure tamper feature, which ensures the security of data stored in the devices. If the device is removed from the wall and tampered with, the secure data (biometric templates, User ID, Logs) within the device will automatically be deleted.

  • Providing proof of compliance

    BioStar 2 delivers comprehensive audit logs compliant with GDPR.

  • Personal data protection by ‘access on card’

    With Access on Card (AoC) technology, Suprema provides system designers with the option to store personal data only on smart cards. Personal data and credentials are not stored on servers or devices, but only on the smart card in the user's own possession.

  • Management of personal data lifecycle

    In accordance with GDPR, BioStar 2 can automatically delete event logs and data stored on the server after a certain period of time (set by the administrator). This is in line with the ‘right to be forgotten’ requirement in the GDPR.

  • Authentication for data access

    With the latest update of BioStar 2, Suprema’s open-architecture security platform, system administrators can fully customize the level of access rights to personal data according to their organizational requirements.