By 2020 CCTV
25th May 2018 will mark the day where GDPR (General Data Protection Regulation) is implemented by the European Union. With this new legislation, the way we capture and handle CCTV footage will change to fit with the new guidelines presented by the European Union.
With the implementation date closer than we think, businesses should be preparing to comply with changes and be aware of the penalties if they don’t.
In this article, we discuss how you can make sure that your business is working within the framework of the GDPR rules once they’re introduced and help your business avoid the 4% global annual turnover penalty.
What you need to know once GDPR has been introduced:
Viable reasoning is needed for those who have CCTV around your business. An example of this would be to help protect employees when it comes to health and safety or to capture footage of any incidents that occur within the company.
Compiling an operation requirement (OR) is important when it comes to having CCTV in your business property as you can’t use CCTV to spy on your employees – and you need to justify your reasoning.
CCTV that is placed within a public space where someone would expect privacy could face reports the public. This can range from places such as canteens, break areas and public spaces. If you are able to highlight a security risk that could be minimised through using CCTV, it is more likely that the CCTV will be accepted in these places, again think of the OR.
Personal data is being collected constantly through video surveillance. To inform people who operate in and around your business, you should have a disclosure to tell them that CCTV is in use and that they could be captured on any footage that is obtained. A common method is to have signs that are clear and feature a number for those who want to contact the CCTV operators if they have any queries.
Footage that has been collected from CCTV operations can be kept for 30 days. If you need to keep it for a longer time period, you need to carry out a risk assessment that explains the reasons why. Images and videos that you acquire through your CCTV system might be requested by the police, but make sure that they have a written request. Police will usually view the CCTV footage on your premises and this would not warrant any concerns for the leak of the data.
2020 Vision, who provide access control systems, found that your security supplier will be your data processor under the GDPR law. This means that those who are using security companies should put an abiding contract in place that states what the security company can do with the footage that is collected from your premises. Data breaches are a possibility when sharing data with a third party, so you need to be extra careful when it comes to handling.