Private security and GDPR: challenges in processing and protecting personal data
Security Engineering
The diploma thesis examines the compliance of private security activities with personal data protection requirements. The aim of the research was to determine how Hit d. d. Nova Gorica implements the provisions of the General Data Protection Regulation (GDPR) and the Personal Data Protection Act (ZVOP-2), and to identify the main challenges in practice.
Private security companies process identification data, access records and video footage on a daily basis, making compliance with legislation crucial to prevent privacy breaches and serious legal consequences. The research applied descriptive and analytical methods, a review of legislation and internal company procedures, as well as a qualitative assessment of practical experience. Particular attention was given to video surveillance, access control, employee monitoring and staff training.
The analysis showed that the company has most key procedures well established. Organisational and technical measures such as access control, secure storage of archives and internal audits are clearly defined and effectively implemented, while audits have contributed to further improvements in record-keeping and monitoring. Despite the positive findings, some shortcomings were identified, especially the lack of formal GDPR training for staff.
The hypotheses were mostly confirmed. GDPR has significantly influenced the operations of security companies, particularly in the field of video surveillance, where dilemmas regarding the legality and proportionality of data processing are most common. While some private security providers still face difficulties in adopting a comprehensive approach to data protection, Hit d. d. Nova Gorica stands out for its well-regulated procedures and responsible conduct. The results confirm that companies investing in control mechanisms and fostering a culture of data protection achieve greater long-term success, competitiveness, reputation, customer trust and service quality.
This thesis contributes to understanding the gap between legal requirements and practical implementation in the security sector. The findings may also assist other private security providers seeking to enhance compliance and reduce risks in personal data processing.
