On-Premise Processing - Definition
On-premise processing (also commonly referred to as on-premises processing) means performing data operations within infrastructure owned and controlled by an organization, without permanently transferring the data to a public cloud. In the context of image and video anonymization, this involves running detection, classification, and masking of faces and license plates on local servers - often within networks isolated from the Internet.
An on-premise approach supports the principles of data minimization, integrity, and confidentiality under Article 5(1)(c) and (f) of the GDPR, as well as the implementation of appropriate technical and organizational measures under Article 32. It reduces the data transfer surface, simplifies access control, and helps meet data residency requirements.
The Role of On-Premise Processing in Image and Video Anonymization
Image and video anonymization requires detecting sensitive objects and irreversibly distorting them. In practice, deep neural networks are trained on labeled datasets and then deployed for inference during the masking process. While model training typically takes place outside the customer’s environment, inference and the entire processing pipeline can be conducted on-premise to ensure that source data never leaves the controlled infrastructure.
In solutions such as Gallio PRO, automatic blurring applies to faces and license plates. The system does not blur entire silhouettes, does not provide real-time anonymization, and does not support live video stream anonymization. Other visual elements - such as logos, tattoos, ID badges, or screen content - can be manually blurred using the built-in editor. The software does not collect logs containing images or other personal data; in particular, operational logs should not store metadata that could identify individuals.
On-Premise Technologies and Architecture
An on-premise implementation for video anonymization software focuses on a cohesive architecture covering compute, storage, and security layers. Below are the most common components and deployment best practices.
- Compute layer - GPU-enabled servers for deep learning inference; alternatively CPUs with SIMD acceleration. Containerization (e.g., Docker) and orchestration in isolated environments.
- Data layer - Local file or object storage with encryption at rest (e.g., AES-256; key length and cryptoperiod selection in line with NIST SP 800-57), along with retention control and versioning.
- Transport security - TLS 1.2 or 1.3 (RFC 5246 and RFC 8446) for internal traffic, with network access restrictions via ACLs and segmentation.
- Identity and access management - Integration with AD/LDAP, least privilege principle, and separation of operator and administrator roles.
- ML lifecycle management - Receipt of signed inference models, integrity validation, controlled offline updates, and regression testing of detection quality before deployment.
- Operational audit trail - Logging of administrative activities without storing image content or personally identifiable metadata.
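One way to gate an offline model update on integrity before it reaches the inference servers, as an added example that is not code from Gallio PRO or any vendor. The manifest layout, the file name `face-detector.onnx`, the integer version field and the rollback check are assumptions; an HMAC-SHA256 tag stands in for the vendor's signature because the Python standard library has no public-key signature verification, which a real deployment would use instead.

```python
import hashlib
import hmac
import json

class ModelRejected(Exception):
    """Raised when a model update must not be deployed."""

def verify_manifest(manifest_bytes, tag_hex, key):
    """Authenticate the manifest first; nothing inside it is trusted before this."""
    expected = hmac.new(key, manifest_bytes, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag_hex):
        raise ModelRejected("manifest authentication failed")
    return json.loads(manifest_bytes)

def admit_model(name, model_bytes, manifest, installed_version):
    """Check the model file against the authenticated manifest entry."""
    entry = manifest["models"].get(name)
    if entry is None:
        raise ModelRejected("model not listed in manifest")
    digest = hashlib.sha256(model_bytes).hexdigest()
    if not hmac.compare_digest(digest, entry["sha256"]):
        raise ModelRejected("digest mismatch: file altered or corrupted in transfer")
    # Assumed policy: an offline update may only move the version forward, so a
    # replayed older (but validly tagged) bundle is refused.
    if entry["version"] <= installed_version:
        raise ModelRejected("version is not newer than the installed model")
    return entry["version"]

# Constructed sample bundle, as it might arrive on removable media.
DEMO_KEY = b"constructed-demo-key"
DEMO_MODEL = b"constructed-model-weights"
DEMO_MANIFEST = json.dumps({"models": {"face-detector.onnx": {
    "sha256": hashlib.sha256(DEMO_MODEL).hexdigest(), "version": 7}}}).encode()
DEMO_TAG = hmac.new(DEMO_KEY, DEMO_MANIFEST, hashlib.sha256).hexdigest()

if __name__ == "__main__":
    manifest = verify_manifest(DEMO_MANIFEST, DEMO_TAG, DEMO_KEY)
    print("admitted version", admit_model("face-detector.onnx", DEMO_MODEL, manifest, 6))
```

Regression testing of detection quality would follow admission and precede switching production traffic to the new model.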
Key Parameters and Metrics (On-Premise Anonymization)
Evaluating an on-premise processing solution should consider both detection quality and operational characteristics. The table below outlines key metrics and how they are verified.
Parameter | What It Measures | Method / Unit | Notes |
|---|---|---|---|
Face Detection Recall | Percentage of correctly detected faces | Domain-representative test set; frame-level metrics | Validate on production-like data |
Face Detection Precision | Percentage of correct detections among all detections | TP/FP confusion matrix; F1 score | Reduces excessive blurring |
License Plate Recall/Precision | Effectiveness of license plate detection | Road video test datasets | Critical for dynamic scenes |
Latency per Frame | Processing time per frame | Milliseconds; average, p95 | Important for batch queues |
Throughput | Processing performance | FPS or files/hour | Supports capacity planning |
Mask Coverage | Percentage of object area covered by mask | % of detected object area | Minimizes exposure risk |
Irreversibility | Resistance to mask reversal | Reconstruction attack testing | Related to filter strength |
Resource Utilization | GPU/CPU/RAM/IO consumption | System profiling | Capacity planning |
Cryptographic Compliance | Strength of encryption at rest and in transit | AES-256, TLS 1.2/1.3 | Aligned with NIST and IETF |
RTO/RPO | Operational resilience | Minutes/hours; DR policies | Recovery procedures |
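How the detection and latency rows of the table can be computed on a labeled test set, as an added example that is not part of any product's code. The box format `(x1, y1, x2, y2)`, the 0.5 IoU threshold, greedy matching and the nearest-rank percentile are assumptions chosen for illustration.

```python
import math

def inter(a, b):
    """Overlap area of two boxes given as (x1, y1, x2, y2) in pixels."""
    w = min(a[2], b[2]) - max(a[0], b[0])
    h = min(a[3], b[3]) - max(a[1], b[1])
    return max(0, w) * max(0, h)

def area(b):
    return (b[2] - b[0]) * (b[3] - b[1])

def iou(a, b):
    union = area(a) + area(b) - inter(a, b)
    return inter(a, b) / union if union else 0.0

def evaluate(frames, iou_thr=0.5):
    """Frame-level TP/FP/FN with greedy IoU matching, plus mask coverage per hit."""
    tp = fp = fn = 0
    coverages = []
    for truth, masks in frames:
        unmatched = list(masks)
        for obj in truth:
            best = max(unmatched, key=lambda m: iou(obj, m), default=None)
            if best is not None and iou(obj, best) >= iou_thr:
                unmatched.remove(best)
                tp += 1
                coverages.append(inter(obj, best) / area(obj))
            else:
                fn += 1  # a missed face or plate stays visible in the output
        fp += len(unmatched)  # masks placed on nothing: excessive blurring
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return {"tp": tp, "fp": fp, "fn": fn, "precision": precision, "recall": recall,
            "f1": f1, "min_coverage": min(coverages, default=0.0)}

def p95(samples):
    """Nearest-rank 95th percentile."""
    ordered = sorted(samples)
    return ordered[math.ceil(0.95 * len(ordered)) - 1]

# Constructed sample: (ground-truth boxes, mask boxes) per frame.
FRAMES = [
    ([(10, 10, 50, 50)], [(10, 10, 50, 50)]),                    # exact hit
    ([(0, 0, 40, 40), (100, 100, 140, 140)], [(0, 0, 40, 30)]),  # partial mask, one miss
    ([], [(5, 5, 25, 25)]),                                      # false positive
]
LATENCIES_MS = [12, 14, 13, 15, 11, 40, 13, 12, 14, 13]  # constructed per-frame timings

if __name__ == "__main__":
    print(evaluate(FRAMES), "p95 ms:", p95(LATENCIES_MS))
```

For anonymization, recall and minimum mask coverage are the privacy-relevant numbers: a false negative or a partially covered face is an exposure, whereas a false positive only costs image content.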
Challenges and Limitations
While on-premise processing increases control, it also places full responsibility for maintenance and updates on the organization. The main risks that must be addressed through architecture and procedures include:
- Capital and energy costs of infrastructure and GPUs.
- Managing security patches and container images in isolated networks.
- Batch scalability for large video archives and diverse codecs.
- Model drift and the need for periodic detection quality validation.
- Log and telemetry control to prevent storage of personal data.
- Supply chain security for models and libraries, including signature verification and SBOM validation.
Use Cases
On-premise video anonymization is preferred where full processing control and zero cloud transfer are required. Typical use cases include public sector entities, law enforcement agencies, and industrial organizations.
- Sharing CCTV footage with third parties after blurring faces and license plates.
- Publishing workplace training materials with individuals anonymized.
- Internal health and safety (HSE) incident analysis while preserving employee privacy.
- Handling evidentiary materials requiring chain of custody and integrity assurance.
Normative References and Sources
The following documents provide the definitional and technical foundation for on-premise processing in the context of data protection and security measures used in visual anonymization.
Document | Scope | Issuer / Year |
|---|---|---|
GDPR - Regulation (EU) 2016/679, Art. 4, Art. 32, Recital 26 | Definitions of personal data, security of processing, concept of anonymization | European Parliament and Council, 2016 |
EDPB Guidelines 3/2019 on processing of personal data through video devices (final version) | Guidance for video systems, including minimization and masking measures | EDPB, 2020 |
WP29 Opinion 05/2014 on Anonymisation Techniques | Risks, techniques, and effectiveness testing of anonymization | Article 29 Working Party, 2014 |
ISO/IEC 27001:2022 | Information security management systems | ISO/IEC, 2022 |
ISO/IEC 27002:2022 | Information security control practices | ISO/IEC, 2022 |
ISO/IEC 27701:2019 | PIMS extension to ISO 27001 for personal data protection | ISO/IEC, 2019 |
NIST SP 800-53 Rev. 5 | Security and privacy controls for information systems | NIST, 2020 |
NIST SP 800-57 Part 1 Rev. 5 | Cryptographic key management and algorithm strength | NIST, 2020 |
IETF RFC 8446 - TLS 1.3 | Secure transport communication | IETF, 2018 |
IEC 62676-4:2014 | Guidelines for CCTV system application | IEC, 2014 |
Legal note: In many jurisdictions, facial images and license plates may constitute personal data under the GDPR. Specific obligations and exemptions depend on national law and the context of publication.