How to ensure your CCTV system is GDPR compliant
How To Ensure Your CCTV System Is GDPR Compliant
With all the talk of the new The General Data Protection Regulations (GDPR) beginning to strike fear into the hearts of companies throughout the UK, you might be wondering what differences this legislation presents to the previous Information Commissioner’s Office (ICO) Code of Practice (2017) that it replaces.
What is the GDPR?
The GDPR comes into force on 25th May 2018. It has been developed to replace the legislation within the Data Protection Act 1998, which, with the evolution of digital technology in recent years, is now considered to be out of date. In an age where internet giants such as Google and Facebook often swap access to their services for personal information, the GDPR is designed to give people more say over what companies can do with their data.
If companies fail to update their data protection procedures and do not comply with the regulations once they have come into force, they can be fined up to 4% of their annual turnover.
The good news is that, in terms of the security sector, the primary requirements of the GDPR are broadly similar in nature to the previous Act, which has governed the use of CCTV up to now.
Steps you need to take in order to comply with the GDPR
- Justify the reasons for using CCTV – and document them
- Inform people that cameras are being used. Display signage which identifies who’s managing the cameras and how to contact them
- State the duration for which recordings are held, and justify why this needs to be the case for security purposes
- Be able to provide people who have been recorded with copies of their personal data
- Ensure that third parties with access to your CCTV data understand their obligations in relation to GDPR
These third parties include the CCTV installer, who may also be monitoring the cameras on behalf of clients. In this case, the security company is regarded as the “data processor” and is working for the client, who is the “data controller”. As such, the security company will need to have robust measures in place to prevent unauthorised access, alteration, destruction or disclosure of the CCTV data.
This includes an obligation to ensure the transmission network is secure. Recordings will also need to be electronically encrypted, physically locked and tracked by a signing process if removed.
It’s clearly important that users and installers of CCTV operate in accordance with the law, ensuring that people are treated fairly, and neither operators nor installers are open to prosecution or fines.
If you have any doubts about your GDPR compliance, please contact ClearView on 01245 214104. We’ll be happy to help.