With May 25th fast approaching, the General Data Protection Regulation, otherwise known as GDPR, will be implemented by the European Parliament and change the way businesses that operate in or have ties with Europe handle data forever. Not only that, but this new piece of legislation will influence the way we capture and handle CCTV footage
With the implementation date looming closer, businesses across the continent are having to adapt their methods of data handling and understand the harsh consequences if they aren’t compliant.
In this article, 2020 Vision, which provides access control systems, explain how businesses can avoid the 4% global annual turnover penalty by making sure your business is working within the framework of the GDPR rules once they’re introduced.
What your business must think of before May 25th
If you’re looking to install CCTV cameras around your premises, you will need to have a strong and valid reason for its placement. An example of this would be to help protect employees when it comes to health and safety or to capture footage of any incidents that occur within the company.
You can use the security systems you have in place to ‘spy’ on your employees and for some employers, this can become a problem — however, to get the go-ahead on this, you must complete an operational requirement (OR) form.
Wherever your workers may expect some privacy, they can object to the placement of security cameras. This can range from places such as canteens, break areas and public spaces. If you are able to highlight a security risk that could be minimised through using CCTV, it is more likely that the CCTV will be accepted in these places, again think of the OR.
If you’re using CCTV to capture footage, you’re instantly collecting personal data. To inform people who operate in and around your business, you should have a disclosure to tell them that CCTV is in use and that they could be captured on any footage that is obtained. A common method is to have signs that are clear and feature a number for those who want to contact the CCTV operators if they have any queries.
Whatever footage you capture from your video surveillance can be retained for up to 30 days. If you need to keep it for a longer time period, you need to carry out a risk assessment that explains the reasons why. Images and videos that you acquire through your CCTV system might be requested by the police, but make sure that they have a written request. Police will usually view the CCTV footage on your premises and this would not warrant any concerns for the leak of the data.
Under GDPR, the security supplier that you have in place will become your data processor — meaning that you need to put a contract in place that states what external companies can and can’t do with any footage that they obtain. Data breaches are a possibility when sharing data with a third party, so you need to be extra careful when it comes to handling.