Nothing virtual about NCTech’s privacy compliance

• NCTech is the company behind the world’s highest resolution 360° HDR camera
• When you’re capturing images across countries, you face a world of privacy implications
• The Privacy Compliance Hub helps NCTech’s culture of continuous compliance

What does NCTech do?

NCTech is a virtual data company which designs and develops hardware and software to perform vastly detailed 360° data capture. Its products are used in an array of fields, from mapping crime scenes to virtual reality to automating asset management for infrastructure, engineering and heritage companies. Its partners include Google, Intel and Sony and the company’s technology is used around the world.

The challenge

As developers of panoramic cameras used in the public and private domain, across Europe and beyond, the advent of GDPR inevitably raised concerns for NCTech. Since GDPR is designed to protect individuals’ privacy, identifiable image capture could create a legal minefield. “Above all,” says Martin McGreskin, NCTech’s VR.World operations director, “we’re an ethical company. We want to do things right. Any business should want to know how its clients perceive them and the issue of data privacy compliance has serious implications for legality and trust.”

NCTech began looking at how the firm could protect its customers, the general public and its own interests. Martin spoke with expert data privacy lawyers and saw that Google must surely have covered similar compliance issues with its own mapping venture. So, he looked at what Google’s experience had been and they were extremely helpful insights. They’d already taken the risks and opened doors, and this revealed to Martin some of the positives and negatives of embarking on this project.

“I cannot overstate this – we would have been overwhelmed without the Hub’s methodology to direct us through the process”

Martin McGreskin
Operations Director at NCTech

Choosing the Privacy Compliance Hub

At around the same time, Martin read an article in Forbes magazine. It featured Karima Noren, co-founder of the Privacy Compliance Hub along with Nigel Jones, former head of legal at Google in Europe. Karima had spent eight years at Google, two as head of legal emerging markets. “What I read really resonated with me,” said Martin, “The Privacy Compliance Hub’s approach seemed consultative; they’ll take you through the inner workings and principles of compliance. It’s not so much about documentation, but more about complying behaviourally.”

Martin also spoke with Sheila Fitzpatrick, one of the world’s foremost experts in data protection law. It became clear that any approach which required continual consultation with lawyers would result in much greater costs. The Privacy Compliance Hub offered not just cost certainty and cost efficiency, but a real framework which would allow NCTech to build compliance into its operations.

“We’re capturing images at a volume of 400 images a mile,” explained Martin. “Depersonalising the data is important. We have to respect people’s rights, religious beliefs and privacy, think about issues like children and schools. We encrypt the data, blur details, but we still need to demonstrate that we’re transparent. We’re in talks with governments before embarking on projects, and we find they’re far more responsive when you’re open about security concerns. Aided by the Hub, we’re able to show the entire process to data privacy commissioners and the like.”

“Above all, we’re an ethical company. We want to do things right. Any business should want to know how its clients perceive them and the issue of data privacy compliance has serious implications for legality and trust.”

Martin McGreskin
Operations Director at NCTech

The result

NCTech had already made progress on GDPR before introducing the Hub and quickly amalgamated the data and compared documents against the Hub’s templates. “I cannot overstate this – we would have been overwhelmed without the Hub’s methodology to direct us through the process,” said Martin. “We soon had validation for the work we’d already done and were made aware of things we might not otherwise have considered.”

It doesn’t end there, though. “A lot of businesses aim for the finish line, then step back from that focus. The Hub provides regular updates on data protection changes, though,” Martin said, “so our five privacy champions will continue to meet once a month to review and repeat the process wherever required. It’s become an important part of our culture.”