VMS system administrator
System administrators are responsible for setting up the GDPR compliant system environment. System administrators do amongst the following:
- Apply and maintain a high general security level. For more information on how to secure your XProtect VMS installations against cyper-attacks, see the hardening guide.
- Apply a secure password policy
- Conduct security audits
- Ensure devices record according to the defined purpose – for example, on event, motion, always-on, and so forth
- Ensure recording and audit log retention time is set according to local law and the defined purpose of the VMS
- Ensure user management (add / remove users)
- Ensure cameras follow privacy laws and do not record areas that should not be recorded – mask out areas that should not be recorded
- Contact the Data Protection Officer (DPO) if GDPR non-compliance is suspected, for example, in the case of data breach of video materials (see Appendix: GDPR compliance)