It has almost been a year now since the introduction of GDPR; the European Union's General Data Protection Regulation, which came into force on the 25th May 2018, that safeguards the personal information of people. With so much attention focused on how websites manage the personal data of their users, it can be easy to assume that this regulation does not extend beyond the confines of the World Wide Web. Personal data comes in all forms, including the images recorded by IP CCTV Systems.
Whether it's for security, health and safety or statistical reasons, the identifiable imagery that a business records is considered as personal data by GDPR. This is why the management of it requires the same level of thought and care as what may be expected with other methods of storing information.
If you run your own business and need to ensure that you are correctly abiding by the regulations set out by GDPR, we've compiled some important information that you need to consider.
What Your Business Must Consider When Using IP CCTV Systems
Even though CCTV is a popular security option for a business to deter crime, your business should have a strong reason for its placement (as well as ensuring that it's serving a specific purpose regarding the protection of your business). For example, using CCTV to monitor the health and safety of staff, capturing footage of incidents that could occur, is defined as 'proper usage'.
'Improper usage' can be defined as using your IP CCTV Systems solely to 'spy'on your staff or customers – which can be construed as a breach of privacy. The placement of cameras should be justified by the compiling of an operational requirement (OR). This document should state what you intend for the camera to do. As an example – the monitoring of areas on a shop floor that may play host to particularly expensive stock, or to monitor areas that may possibly need more staff attention, etc. You won't be monitoring the staff or customers,you'll be monitoring the shop floor and the products on it.
GDPR actually makes it easier for staff or customers to object to video surveillance in areas in which they may expect privacy. As such, more firms are taking a 'privacy by design' approach, which has become a focus regarding GDPR. Although privacy by design isn't specifically about offering data protection, it is designed so that data does not need protection. GDPR states that 'data controllers (you) must put organisational and technical measures in place to reduce the amount of data processing'. However, businesses should only process data when it's necessary.
As privacy by design is becoming a popular discussion topic within the security industry, businesses are advised to take part in Privacy Impact Assessments (PIAs) that help to identify and reduce any potential privacy risks presented by IP CCTV Systems that could harm personal information.
In order to treat this issue, you should highlight a security risk that could be reduced by having CCTV installed in such areas. The key to doing this is remembering what your operational requirements are.
How To Capture Data and Abide By GDPR
As soon as they're in place, video surveillance cameras will begin capturing images – personal data. A great way to inform people that their images are being recorded is by using signage. Not only will this act as the informing element to people that they are in the frame of the camera, it will also work as an additional deterrent to anyone with nefarious intentions. Under GDPR, the data that your IP CCTV Systems capture can generally be retained for 30 days – but it can be kept for longer if required (a risk assessment must be done explaining why).
Images captured by your cameras may sometimes be requested by the police – but ensure that they have submitted a written request to you. This then becomes a justifiable reason for you to keep the footage for longer than the 30-day period. Police would usually view the footage on your premises, so this would not warrant any concern for the data leaking out.
With data breaches being a risk, it's important to ensure that any images you capture are properly secured and encrypted where possible. This is something that you can easily achieve with IP CCTV Systems – working with the internet to store images on virtual secure servers, they remove the need for any physical storage devices to be used. Why not get in touch with us today to learn more about their benefits?
Get In Touch To Learn More About IP CCTV
If you're interested in learning more about how an IP security camera can help to protect your business, its employees,customers and abide by your responsibilities to GDPR, the expert team here at Maxtag can help.
Having been operating within the industry for over 20 years, we have established a leading service that has helped numerous businesses, public and private institutions to safeguard their security. Regardless of your requirements, the budget you have available or the set-up of your building, we have proven experience of creating security solutions that are able to protect and improve the operational capabilities of our clients.
To learn more, you can get in touch with us by calling 0800 0443160 or you can send an e-mail to us at firstname.lastname@example.org.