With the General Data Protection Regulation (commonly referred to as GDPR) ready to be introduced in May 2018 – businesses need to take notice and prepare themselves with what is to come. With this new legislation, the way we capture and handle CCTV footage will change to fit with the new guidelines presented by the European Union.
With the legislation not too far away, businesses need to have an understanding of how they must adapt, and recognise the penalties if they don’t.
In this article, we discuss how you can make sure that your business is working within the framework of the GDPR rules once they’re introduced.
We’ve teamed up with 2020 Vision, providers of access control systems who want to help your business avoid the four percent annual turnover and have given their advice on how to do that:
What businesses need to know about GDPR once it’s introduced
Once introduced, companies will need to have a strong reason as to why they need CCTV installed around their operation area. An example of this would be to help protect employees when it comes to health and safety or to capture footage of any incidents that occur within the company.
Employers will not be allowed to use CCTV to spy on their staff – meaning that they will have to justify the placement of cameras.
If staff feel that their privacy is being invaded, they can object to CCTV. This can range from places such as canteens, break areas and public spaces. If you are able to highlight a security risk that could be minimised through using CCTV, it is more likely that the CCTV will be accepted in these places, again think of the OR.
Anyone that uses CCTV on their premises starts to collect personal data. To inform people who operate in and around your business, you should have a disclosure to tell them that CCTV is in use and that they could be captured on any footage that is obtained. A common method is to have signs that are clear and feature a number for those who want to contact the CCTV operators if they have any queries.
As data is collected daily when CCTV is activated, each day of footage can be kept for 30 days. If you need to keep it for a longer time period, you need to carry out a risk assessment that explains the reasons why. Images and videos that you acquire through your CCTV system might be requested by the police, but make sure that they have a written request. Police will usually view the CCTV footage on your premises and this would not warrant any concerns for the leak of the data.
With this law coming into action soon, it states that your business’ security supplier becomes your data processor – this means that employers should outline what they can and can’t do with the data obtained. Data breaches are a possibility when sharing data with a third party, so you need to be extra careful when it comes to handling.