You might think much of the information flowing through your Property Technology solutions – video, CCTV still images, virtual reality – wouldn’t count as processing personally identifiable data and couldn’t cause any GDPR liability on your part. But you’d be wrong.
“But we’re not storing or transmitting anything!”
It doesn’t matter. A sensor (a camera, for example) can still record images of a person, time and location information, and perhaps even visual evidence of any disabilities a person might have. This all counts as processing personal data – even if it’s fleeting and not being sent beyond the camera or stored anywhere!
“But we’re just the Prop Tech firm – our client is the Data Processor!”
Not necessarily. Because of the level of control Prop Tech firms exercise over the data, the Prop Tech firm and the client often become joint Data Controllers – and so share liability.
"But nobody else comes into contact with the data apart from us!"
Really? So in an error-handling or repair scenario a third-party technician would not be able to log in to view and test the camera feed?
The question is, how long before your clients, partners and investors spot them too?
Don’t let complacency destroy your compliance – and your business.