The impact GDPR will have on CCTV systems
On May 25th, the General Data Protection Regulation (GDPR) was introduced and, with this highly-anticipated, new legislation, the way we capture and handle CCTV footage has changed to fit with the new guidelines presented by the European Union.
Businesses now need to cooperate accordingly with the new ruling in order to avoid harmful penalties. Did you know that one penalty that businesses could face is the 4% global annual turnover fee — which obviously could potentially break a business? In this article, we give an overview on how you can make sure that your business is working within the framework of the GDPR rules. Northeast-based company 2020 Vision, investigate further:
The use of CCTV as a business
With GDPR introduced, building owners now require a valid reason for its placement. So, an example of this would be to help protect employees when it comes to health and safety, or to capture footage of any incidents that occur within the company premises.
It’s also become more difficult to place your cameras in certain areas. For example, employers are not allowed to use CCTV to watch their employees and will need a relevant reason for certain placements.
Employees are entitled to their privacy, and can object to CCTV being fitting in certain areas throughout the business – so it’s important to address this beforehand with your staff to see where they would not feel comfortable with CCTV in place. This can range from places such as canteens, break areas fitted with access control systems or even public spaces. However, if you are able to highlight a security risk that could be minimised through using CCTV, it is more likely that the CCTV will be accepted in these places.
If you’re currently using CCTV or thinking about using it in the future, once you have recorded any footage, you should be aware that you are collecting individual data. It is important then to inform people who operate in and around your business, and you should have a disclosure to tell them that CCTV is in use and that they could be captured on any footage that is obtained. A common method of resolution is to have signs that are clear and that also feature a number for those who want to contact the CCTV operators if they have any queries.
Captured footage from CCTV cameras is allowed to be kept for 30 days in total and should not be held any longer. If you need to keep it for longer, you will need to carry out a risk assessment that explains the reasons why. Images and videos that you acquire through your CCTV system might be requested by the police, but make sure that they have a written request. Police will usually view the CCTV footage on your premises and this would not warrant any concerns for the leak of the data.
Under EU legislation for GDPR, your security supplier will become the processor of the data that you are collecting – however, permissions should be highlighted in any contract signalling what they can and can’t do with it. Obviously, data breaches are a possibility when sharing data with a third party, so you will need to be extra careful when it comes to its handling.