GDPR and The SentrySIS Platform
GDPR (General Data Protection Regulation) comes into UK law on 25th May 2018 where this new legislation significantly increases the legal obligations on both data processors and data controllers when handling personal data. The aim of this new legislation will strengthen the protection of personal data for all individuals within the EU and how personal data is used by organisations. There are substantial fines in the event of non-compliance to this legislation.
The role SentrySIS has within GDPR
The SentrySIS platform contains a database of Subjects of Interest of which SentrySIS are the Data Processors acting on behalf of its users who are Data Controllers. Subjects of Interests are added to this database by SentrySIS Users once an individual has been confirmed as fact by the police, a crime partnership or business improvement district for carrying out unlawful acts.
The SentrySIS software provides the necessary tools that allow and assist Data Controllers the management processes to control data responsibly in line with the Data Protection Act and GDPR legislation.
SentrySIS’s processes and procedures carefully comply with the 6 Guiding Principles set out in Article 5 of GDPR which in summary are as follows:
Personal data within SentrySIS shall be:
Processed lawfully, fairly and in a transparent manner in relation to individuals;
Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Due to the facial recognition technology used within SentrySIS (Biometric Data which includes Facial Recognition algorithms and ethnic origin profile category) and for Subjects of Interest data, SentrySIS believe that they are one of a small number of organisations that can observe this additional set of measures, including the Substantial Public Interest test set for processing this type of data.
SentrySIS are committed to its responsibilities to how data is processed within the SentrySIS platform and promise to ensure compliance with the 6 principles above. This is demonstrated through its highly secure platform, internal company processes and the data centre supplier SentrySIS use for its operation. In addition to this the highly skilled staff SentrySIS employ to carry out various tasks also is a reflection of its commitment to the above.
Since 2010 SentrySIS have been working with a number of crime partnerships, national retailers, business improvement districts and police constabularies, building trustworthy, honest and transparent relationships.
The technology partners SentrySIS employ are some of the UK’s most reliability and secure suppliers of services ensuring that SentrySIS customers have the best experience from using its software in the most secure environment possible.
The requirements of SentrySIS customers
Once SentrySIS Users insert their data into the SentrySIS system, SentrySIS ensures that this data is secure and managed correctly in line with all current and GDPR legislation.
In return SentrySIS ask and recommend that its customers ensure the following:
1. They are appropriately registered with the Information Commissioners Office, where necessary.
2. They sign and adhere to all legal documentation provided to them by SentrySIS, The Police and/or the Crime Partnership or Business Improvement District they are members of.
3. They sign and adhere to the SentrySIS End User Licence Agreement (EULA) which highlights the respective responsibilities of SentrySIS, the software provider (who are Data Processors) and SentrySIS users (who are Data Controllers) when inserting data into the SentrySIS system.