As a critical component of the Access Control System, Armatura's biometric technology must adhere to GDPR requirements, particularly since biometric data is categorized as a special category of personal data under Article 9 of the GDPR. Armatura's biometric algorithms employ data minimization techniques, ensuring that only necessary data is collected, processed, and stored. The biometric data is encrypted and securely stored on the hardware devices and within the cloud platform to prevent unauthorised access.
Armatura implements a comprehensive data protection impact assessment (DPIA) to identify and address potential risks associated with the processing of biometric data, as required by Article 35 of the GDPR. Additionally, the biometric technology incorporates privacy-enhancing technologies (PETs) to reduce the risk of unauthorised access or misuse of biometric data. For instance, Armatura employs template protection techniques, such as biometric encryption and secure multi-party computation, to ensure that biometric data cannot be reverse-engineered or linked to a specific individual.
Moreover, Armatura's biometric technology includes mechanisms for obtaining user consent before collecting and processing biometric data, in accordance with Article 6 of the GDPR. Users are provided with clear information about the purpose and nature of biometric data processing, as well as their rights under the GDPR. The biometric technology also supports data portability, allowing users to transfer their biometric data between different devices and systems, as mandated by Article 20 of the GDPR.