Our corporation is based in the US, but we have sites in the EU. We manage the CCTV systems in the EU from our corporate headquarters. Storage of video is maintained at the EU site, but we review and retain as needed. Discrimination of findings usually takes place via a written account of what was found, with actual video rarely provided.
Next week I have a meeting with our IT Security Department to discuss GDPR. Surprisingly, there doesn't seem to be much chatter on IPVM about it. The GDPR site wasn't exactly a page turner.
Can anyone help with some bullet points to help direct the conversation from my perspective? I know that's vague, but any assistance would be helpful.