Even as we plan to leave the European Union, new legislation — named the General Data Protection Regulation (GDPR) — is set to be made official on the 25th of May next year. With this new legislation, the way we capture and handle CCTV footage will change to fit with the new guidelines presented by the European Union.
As it’s introduced, companies will need to comply with the new rules and understand the penalties. One penalty that businesses could face would be the 4% global annual turnover fee — which could break a business. In this article, we discuss how you can make sure that your business is working within the framework of the GDPR rules once they’re introduced. We’ve teamed up with 2020 Vision, suppliers of access control systems to find out more.
Businesses and CCTV
Business owners will need to have a valid reason for CCTV placement within the business. An example of this would be to help protect employees when it comes to health and safety or to capture footage of any incidents that occur within the company.
CCTV is not allowed to fit the purpose of spying on employees — it’s important that any employer has a valid reason for video surveillance implementation in certain areas.
Members of the workforce can object to the placement of certain CCTV cameras if they feel as though it invades their privacy. This can range from places such as canteens, break areas and public spaces. If you are able to highlight a security risk that could be minimised through using CCTV, it is more likely that the CCTV will be accepted in these places.
If you’re a business that uses CCTV, you’re collecting personal data of anyone who is visible within the frame. To inform people who operate in and around your business, you should have a disclosure to tell them that CCTV is in use and that they could be captured on any footage that is obtained. A common method is to have signs that are clear and feature a number for those who want to contact the CCTV operators if they have any queries.
Any data that comes from the CCTV is retainable for 30 days. If you need to keep it for longer, you need to carry out a risk assessment that explains the reasons why. Images and videos that you acquire through your CCTV system might be requested by the police, but make sure that they have a written request. Police will usually view the CCTV footage on your premises and this would not warrant any concerns for the leak of the data.
Once GDPR has been introduced by the EU, your security supplier will be the processor of your data — you should outline in the contract what their permissions are with any of the footage. Data breaches are a possibility when sharing data with a third party, so you need to be extra careful when it comes to handling.