CCTV: The General Data Protection Regulation’s impact

CCTV: The General Data Protection Regulation’s impact

On the 25th of May 2018, the General Data Protection Regulation (GDPR) will have been introduced by the European Union. With this new legislation, the way we capture and handle CCTV footage will change to fit with the new guidelines presented by the EU.

Businesses will need to become aware of this new regulation and adapt to it while understanding the consequences they may face if they don’t — such as the 4% global annual turnover penalty.

With the help of 2020 Vision, we discuss how you can make sure that your business is working within the framework of the GDPR rules once they’re introduced.

The starting stages of GDPR

A valid reason is needed for you to have CCTV around your perimeter. If you’re worried about potential burglaries, for example, try using access control systems to prevent any crime.

An example of this would be to help protect employees when it comes to health and safety or to capture footage of any incidents that occur within the company.

If you have CCTV with employees in view, you need to justify the reasons why – you can’t use video surveillance to spy on your employees.

Putting CCTV in public places where individuals expect a certain level of privacy can be a problem. This can range from places such as canteens, break areas and public spaces.

If you are able to highlight a security risk that could be minimised through using CCTV, it is more likely that the CCTV will be accepted in these places, again think of the OR.

If you have a CCTV system in place, you’re obtaining personal data on a daily basis. To inform people who operate in and around your business, you should have a disclosure to tell them that CCTV is in use and that they could be captured on any footage that is obtained.

A common method is to have signs that are clear and feature a number for those who want to contact the CCTV operators if they have any queries.

This type of data from video footage can be kept for up to 30 days. If you need to keep it for a longer time period, you need to carry out a risk assessment that explains the reasons why.

Images and videos that you acquire through your CCTV system might be requested by the police, but make sure that they have a written request. Police will usually view the CCTV footage on your premises and this would not warrant any concerns for the leak of the data.

Under the General Data Protection Regulation legislation, your security suppliers become data processors – you should create a guideline specifying what they can and can’t do with footage.

Data breaches are a possibility when sharing data with a third party, so you need to be extra careful when it comes to handling.