Read about what GDPR for CCTV cameras cover, and follow this 7-step process to make sure you’re compliant.
A bit of housekeeping – what’s GDPR?
The General Data Protection Regulation, or ‘GDPR’ came into effect in May 2018. Created by the EU, this law protects personal data and controls how it is gathered, handled, and shared.
Personal data includes things like names, addresses, and phone numbers. Or, any information from which you could identify another person.
There has since been a huge emphasis within all industries to be GDPR compliant. Password protecting personal data and regulating how it is used has become standard practice.
The introduction of hefty fines (up to 4% of your annual turnover plus all costs associated with defending claims) for breaches or misconduct has pushed everyone to clean up their personal data archives.
GDPR & CCTV cameras
You may or may not be aware that CCTV images and video footage is considered personal data and is directly addressed within the act. The footage could be of a person’s face, a license plate, or include GPS data. So, companies who use vehicle cameras need to ensure the footage they collect is compliant.
With this in mind, it is important to note that GDPR cares about what the cameras capture, not the cameras themselves. So, to keep compliant it is imperative to have a secure and good quality system behind your cameras.
Keep your fleet GDPR complaint
CCTV footage should only be gathered if necessary for the operation of your business. It’s not enough to simply say that you’re collecting personal data; you also need to explain why you’re using it. Your reason should fall under these 6 lawful bases.
Additionally, you should follow these 7 steps:
- Inform the Information Commissioners Office (ICO) if you are using CCTV, and why.
- Specify a time-frame for storing footage (usually 1-2 weeks) before you start recording, and make sure there’s a process in place to delete the data.
- Inform both employees and people they could be picked up on your cameras. So, getting some bright signage on your vehicles to highlight to the public that CCTV is filming is paramount.
- Put a process in place for employees, should they wish to have access to footage of themselves. If you get a footage request, you have 1 month to share it with them.
- Make sure any footage that you gather respects people’s right to privacy and is stored in a secure place. Physical tapes should be stored in a locked cupboard and digital files should be saved in a folder that’s subject to access controls.
- Get in touch with the ICO within 72 hours of any GDPR breach.
- If you’re unsure, hiring a third-party CCTV operator will ensure you never fall on the wrong side of GDPR!
Just like a password-protected document with customer information, it is important to have a software system that keeps the footage your cameras capture secure.
For further details and guidance, visit www.gov.uk/data-protection-your-business/using-cctv.