Data security

Are you prepared to handle personal data? 

When the new General Data Protection Regulation (GDPR) takes effect in May 2018, as a utility or property manager you must to a greater extent consider how you collect, protect and handle consumption data. You must be able to document the level of security in your metering solutions as well as how you and your solution supplier handle data security.  
According to the GDPR, data protection and security must be implemented in a metering solution from the start. We already do so as we have been working with information security for a long time, which is evident due to our ISO27001 certification.

A shared responsibility

Data security is an integrated part of our solutions, but it is a shared responsibility to ensure that the GDPR requirements are met. It is tempting to believe that the solution supplier is responsible for data security. And he is – too – but since you work with consumption data, you are responsible for ensuring that your solutions comply with the regulation. Therefore, you need to know which questions to ask solution suppliers to ensure your operation and what to answer if your consumers or tenants have questions about their data protection rights.

How does Kamstrup comply with GDPR?

To make sure that our metering solutions can always deliver data that are both confidential and in their original form, we develop and design them with the following security principles in mind: Data encryption, role-based access to data, logging of activities, several layers of security and finally a contingency plan. 

Data encryption

All metering devices have individual encryption keys to protect data
from meter to collection unit and from collection unit to server. These
must not be transferred via plain text in emails, USB keys or the like.
Therefore, we have methods for exchanging encryption keys with our
customers in a safe way, so that encryption keys will not fall into the
wrong hands. 

Storage and decryption of data happen solely behind firewalls and in
the data management system to ensure the data security required by
the legislation.

Role-based access

Data security is not only a technical matter. It is also about internal processes.
Among others, this means that there is a difference between who needs to see
and handle which data in the system and when to do so. Because of this, our
systems make it easy to handle roles and rights and perform the necessary
restrictions required for you to comply with the GDPR.

Logging of activities

An important element of data security is the human factor – because
no chain is stronger than its weakest link. This is why activity logs and
traceability in our solutions ensure full transparency so that you know
exactly which user has done what and at what time. In this way, you
can at always live up to your documentation responsibility. 

Multiple layers of Security

Our systems have several layers of functions and controls that increase the security.
Hereby a potential security breach can be isolated to a single part of or component
in the system, because several security layers have been built in between the single
layers. This minimises potential damages.

Contingency plan

We always try to keep ahead of IT criminals. If a security breach
should occur anyway, we have a contingency plan for ensuring
that both you and we are quickly up and running again. This implies
a number of clear steps for how we detect security breaches, clarify
the scale of the incident and contact the people who may be affected.
In that way, you can rest assure that we are always prepared. 

A secure solution

We regularly test and challenge our systems. And we make sure that our specialists are trained in the newest knowledge and technology. In this way, we always try to be at the forefront of the technological development. A Kamstrup solution is secure. We stand behind that.

We use cookies on our website. Learn more about cookies.