LiDAR and GDPR: a privacy-first approach to securing critical infrastructure

Across Europe, security professionals are facing an increasingly delicate balance: protecting critical infrastructure while upholding the region’s strict data protection regulations. Traditional surveillance methods, particularly video systems, can raise complex compliance issues, often requiring consent, careful handling of personal identifiable information (PII), and secure storage practices. With GDPR setting the standard for data protection, many organisations are now considering LiDAR technology as a responsible, compliant alternative to video surveillance.

Understanding the GDPR landscape

The General Data Protection Regulation (GDPR) governs how personal data is collected, stored, and processed. For video surveillance, this often includes images of faces, vehicle licence plates, or behaviour that could be linked back to an individual. These identifiers fall squarely within GDPR’s scope and come with strict compliance obligations.

Several companies have incurred significant penalties and fines due to surveillance practices that failed to meet GDPR requirements. One leading e-commerce platform was fined €32 million for what regulators called ‘excessive employee monitoring’, using scanning and video systems in a way that blurred the line between productivity tracking and surveillance. Similarly, a facial recognition technology company received a €30.5 million fine for creating a database of biometric profiles from billions of online images without user consent, highlighting how uncontrolled video or image capture can lead to major legal exposure.

Using systems that collect identifiable data, whether in the workplace or public areas, comes with significant compliance and reputational risks. This is why more organisations are now considering privacy-by-design solutions, such as LiDAR technology, which enable accurate detection without processing personal data.

How LiDAR technology differs

LiDAR, or Light Detection and Ranging, offers a fundamentally different approach to detection. Selected LiDAR sensor models map the movement of people or objects using invisible laser pulses. This produces spatial data that shows what is happening without revealing who, specifically, is involved.

In GDPR terms, this means that LiDAR typically does not collect personal data. There are no facial images, licence plates, or other identifiers, so the risk of a breach exposing sensitive content is greatly reduced. For many use cases, consent and data rights management are not required, which helps simplify operations and reduce administrative burden.

At the same time, LiDAR provides detailed, reliable detection. REDSCAN devices are capable of tracking size, distance, and position with high precision, regardless of lighting or temperature conditions. These sensors create virtual walls or curtains that can detect unauthorised movement instantly, and activate recording of nearby CCTV to store the footage when a security breach is detected.

Supporting high-security applications

In critical environments where accuracy, uptime, and discretion are essential, such as substations, data-centres, airports, and government sites, LiDAR is increasingly being adopted, particularly in highly restricted locations where video footage becomes a risk. Systems like the REDSCAN RLS-2020A offer wide-area coverage and flexible zone configuration, making them well-suited for complex or sensitive environments. This helps distinguish between different types of movement (for example, a person versus a vehicle) and set up different response thresholds. Some models include an internal camera used solely for sensor alignment and optimisation, where footage is encrypted and is not accessible to operators.

Unlike cameras, LiDAR sensors are unaffected by poor visibility, low light, or glare. And because no sensitive footage is stored, the risk of a cybersecurity incident exposing PII is significantly reduced.

One often overlooked advantage is integration: LiDAR sensors offer a choice of IP and connection via Inputs/Outputs (IOs) terminals, and selected models are ONVIF Profile S compliant. All models can be integrated into most video management systems and camera streams, including legacy products such as the RLS-3060L, SH and RLS-2020I/S, made for easier integration. With the help of LiDAR, you can increase safety in places where GDPR matters the most, retaining an additional layer in the multi-layered security approach.

A GDPR-friendly option that doesn’t sacrifice performance

Regulators across Europe continue to push for data minimisation and privacy by design. LiDAR fits naturally into this framework. The technology does not collect any visual data that can be used to identify an individual and only identifies an object of specific volume as a threat, triggering an alarm.

Even so, it's important to apply the same best practices expected under GDPR. Clearly defining the purpose of data processing, avoiding excessive retention, and maintaining transparency with stakeholders remain important, even when personal data isn’t collected. But the path to compliance is simpler, and the risks are inherently lower.

Conclusion

The growing privacy scrutiny around video surveillance makes it increasingly important for security professionals to explore alternative technologies. LiDAR offers a thoughtful way forward, one that meets the operational needs of critical infrastructure while aligning with Europe’s strong data protection culture.

At OPTEX, we are proud to support organisations looking to strike this balance. Our REDSCAN series combines advanced detection with a privacy-first mindset, helping to create environments that are both secure and respectful of individual rights.