Prepared for the GDPR?

Discover how the new General Data Protection Regulation (GDPR) sharpens data protection requirements. And how it increases the responsibility you have due to working with consumption reading.

What is it about and who is responsible?

As of May 2018, when the new GDPR took effect, you must to a greater extent consider how you collect, protect and handle your tenants’ data. In other words, you must be able to document the security level in your metering solutions and how you and your solution provider handle data security.

According to the GDPR, data protection and security must be implemented in a metering solution from the start. This makes it tempting to believe that your solution provider is responsible for data security. And he is – too – but since you work with consumption reading, you are responsible for ensuring that your solutions comply with the GDPR. Therefore, you must know what to ask your solutions provider to ensure your operation and what to answer if tenants have questions about their data protection rights.

What Kamstrup does

To make sure that our metering solutions can always deliver data that are both confidential and in their original form, we develop and design them with the following security principles in mind:

A shared responsibility

As part of working with consumption reading, you are responsible for collecting, protecting and handling your tenants’ data. Therefore, it is key that you know how your metering solutions are set up and secured. This only happens by asking questions to your solutions provider and insisting on transparency.

As a solution provider, we are responsible for the solutions we develop, operate and host for many customers worldwide. So transparency is medication we gladly take ourselves. A Kamstrup solution is secure. We vouch for that.

Questions you should ask your solutions provider

How do I explain to tenants how their meter data is protected?

How do you handle individual encryption and encryption keys?

Can you document the security of your solutions?

Can you document how you continuously work with data security?

How do you manage system rights and log who is doing and when?