February 23rd, 2021

Footfall counting & GDPR: Your privacy counts too

Security Privacy GDPR Data Protection People Counting Sensors

The digital economy would not exist without data about people’s behavior and actions. Companies are now investing heavily in collecting and using data about their customers to their advantage. While this seems like a scary concept, laws exist to protect people’s privacy and how companies can use the data they collect. Footfall counting and analytics solutions are also required to be GDPR compliant to protect your privacy.

What is GDPR?

The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for collecting and processing personal information from individuals who live in the European Union (EU). It was introduced to standardize data protection law across the single market and give people greater control over how their personal information is used in a growing digital economy.

GDPR is necessary because it improves the protection of European data subjects' rights and clarifies what companies that process personal data must do to safeguard these rights. All companies and organizations that deal with data relating to EU citizens must comply with the principles set out by the GDPR.

The GDPR sets out seven fundamental principles:

▶︎ Lawfulness, fairness, and transparency

▶︎ Purpose limitation

▶︎ Data minimization

▶︎ Accuracy

▶︎ Storage limitation

▶︎ Integrity and confidentiality (security)

▶︎ Accountability

 

Personal data relates to all personally identifiable information, such as:

▶︎ Economic factors

▶︎ Cultural and ethnic identifiers

▶︎ Mental and physical health

▶︎ Geographic location

How do you know if a footfall counting system is GDPR compliant?

Firstly, footfall counters are unable to collect personally identifiable information such as economic factors, cultural and ethnic identifiers, mental and physical health, or geographic location. Footfall counters collect anonymous data on footfall count, dwell time, occupancy levels, distance measurement, height, gender differences, traffic patterns, and view directions. While count accuracy is essential in footfall counting, personally identifiable information gathered via facial recognition technology is not utilized, nor is it beneficial to the purposes of analyzing traffic flow and optimizing customer service.

Footfall counting service providers must meet the following criteria to be considered fully GDPR compliant:

▶︎ They may not collect or store any personally identifiable information, such as a person’s facial features.

▶︎ They may only use footfall counters to collect anonymous information regarding metrics like counts, volume, and time.

▶︎ They need to seek permission to store and use a person’s personal data and notify the person about the gathered information's intended use.

▶︎ Their business doesn’t need to be located in the EU. They could be located anywhere else in the world, but as long as they collect data from European residents, they must follow the guidelines.

▶︎ They must implement data security in every process and product from the beginning.

▶︎ As per GDPR laws, a subject is within their rights to request access to the data companies hold on them.

Is Vemcount GDPR compliant?

Vemcount is 100% GDPR compliant. Vemcount does not collect or store any personally identifiable information. All the collected data is entirely anonymous and used only to improve business efficiencies and enhance customer experiences. Personal information is in no way required for these intended functions.

Vemcount also takes data security seriously. We use high-grade encryption, secure VLANs, firewalls, and IDS/IPS, as well as dedicated cloud security from Prueba CyberSecurity. Based on the performance security assessment, our external systems achieved the highest possible Security level.