The highly anticipated General Data Protection Regulation (GDPR) was introduced on 25th May 2018. This new European Union privacy law aims to bring all EU members states under one umbrella by enforcing a single data protection law. The law is intended to provide guidelines and regulate how data is processed, used, stored or exchanged. It applies to any organisation which sells goods or services to citizens of the EU and process or monitor the personal data of EU residents. Whilst we all received a mountain of emails from companies want us to confirm we’re happy with their correspondence, there seems to be a knowledge gap surrounding the CCTV aspect of GDPR.
With harmful penalties such as 4% global annual turnover fee being enforced, businesses need to ensure they are cooperating with the new ruling. The GDPR introduction means that building/business owners now require a valid reason for the placement of cameras. Employers are not allowed to use CCTV to watch their employees, but can use it to protect employees when it comes to health and safety. The law protects an employees’ right to privacy meaning that your staff have to be comfortable with the placement of cameras and can object to CCTV being fitted into certain areas. However, if the camera is minimising a potential security risk, this can be used as a valid reason to carry out the installation.
If you currently have CCTV installed into your work place or home is it important to inform those who operate in and around your location that cameras are in use. The most common resolution is to display clear signs declaring “CCTV is in operation”.
Whist your DVR may have the capacity to record more, GDPR now means that captured footage can only be held for a maximum of 30 days. A risk assessment would need to be carried out if you need to hold the footage for longer. Some locations such as pubs and hotels maybe required to hold their footage for longer by the local council as part of their premises license. The storage of this footage should also be considered. Screens displaying the footage should only be visible by authorised individuals and not by members of the public. Regardless of format all CCTV should be encrypted and locked away.
Overall GDPR does not discourage CCTV installation, but instead encourages companies to use it for protection and monitoring whilst avoiding an invasion of privacy.
If you want to find out more about installing and maintaining CCTV systems, please get in touch!
