It is important for businesses of all sizes to understand the regulatory requirements, and know what actions are needed to be prepared.
The GDPR regulation will come into force on 25th May 2018.
So, the reality is you are now acting as a Data Controller, and with this comes responsibility.
If it is for employee monitoring or health & Safety, this needs to be highlighted to persons being captured by the cameras.
A sign(s) highlighting CCTV use and contact number for anyone wishing to follow up is sufficient.
Access Requests for personal data GDPR states ‘Any person whose image is recorded on a CCTV system has a right to seek and be supplied with a copy of their own personal data from the footage.’ So, anyone who is captured by your CCTV cameras has the right to request that footage, it is seen as personal data.
They must follow a procedure, but are perfectly within their rights.
Security companies or CCTV Engineers, follow this procedure.
You will be open to data breaches if a third party can distribute, or remove, personal data in the form of CCTV images without following the above procedures.
Remember, CCTV may not have as great an impact on crimes that can be committed quickly, and it can mean that staff and customers stop being so vigilant to crime and violence as they rely on the CCTV system.
As with all control measures, you have to look at your risks and decide whether CCTV may help to control those risks.
The General Data Protection Regulation (GDPR) is only around the corner.
The new regulations will drastically change the way organisations need to approach data and the capture and handling of CCTV footage.
A Data Controller needs to justify reasons for storing and retaining data. If you feel you need to retain CCTV data for longer, then your risk assessment should state how long and why.