• About us
  • Pricing
  • Services
    • Consultancy
    • Training
  • Partners
  • Resources
  • Contact
  • Login
  • Try for FREE
Files on a shelf
Benefit from GDPR – declutter your organisation!
July 2, 2018
Could GDPR trip you up?
I wasn’t expecting that! Some indirect consequences of the GDPR
July 16, 2018
July 4, 2018
CCTV and GDPR

CCTV and GDPR – what you need to know to be GDPR compliant

Earlier this week, the ICO prosecuted a company operating CCTV in properties in Sheffield for failing to alert people to its use of CCTV, for failing to register with the ICO and for failing to comply with an Information Notice. This is likely to come as a shock to many organisations that aren’t aware that CCTV images are covered by the General Data Protection Regulation (GDPR). We take a look at what steps need to be taken for CCTV usage to be compliant with the new data protection legislation.

Pay your data protection fee to the ICO

CCTV images are considered to be personal data under the GDPR whether that CCTV just covers business premises or if it overlooks public areas.

Organisations and sole traders (with few exemptions) that process personal data must pay an annual data protection fee to the UK regulator, the Information Commissioners Office (ICO). If you haven’t paid your fee as a Data Controller (an organisation that processes data for their own means) then you don’t appear on the public register which as its name suggests can be readily searched by any member of the public.

Pay your fees here.

CCTV and GDPR

Inform people who are captured on CCTV

Many companies are getting to grips with the need to have a new, clearer privacy notice on their websites. If you use CCTV this needs to appear on that privacy notice. You will need to ensure that you communicate clearly to employees in their separate privacy notice or terms of contract.

GDPR also requires you to inform people at the point of capturing their information. For CCTV images this means putting up clear notices explaining that you’re capturing images wherever you have cameras. You also need to explain why you are using CCTV which is generally for security purposes but there can be other reasons like keeping an eye on manufacturing processes.

Control access to CCTV images

Your CCTV images may contain some information that could harm or distress people for example if there’s an incident your CCTV captures and someone posts it on the Internet.

For this reason, you need to carefully control CCTV images that you capture. They should be kept on an encrypted system and only certain people in your business should be able to access them.

Train staff with access to CCTV images

Those individuals who have access to footage need to receive specific training on controlling CCTV images. You will need to keep a log of this training to provide evidence in the case of a data breach or a complaint made to the ICO.

Delete CCTV footage you no longer need

It’s likely that you won’t need to keep security footage for long, a few weeks is usually plenty of time to cover the possibility of someone needing to examine footage. Under GDPR you can only keep personal data for as long as it is needed for the purpose for which it was collected. After that, you must delete it.

Storing CCTV footage if there’s an incident

If there is an incident, public authorities (like the police) will tell you what you need to keep for longer. In that case, it’s essential that you keep that data - it’s a data breach if you delete it after being told to keep it!

If no-one asks you to keep footage for longer than your standard retention time, then you should delete it on schedule.

Domestic use of CCTV

The ICO also asks homeowners to notify their use of CCTV. The ICO is particularly sensitive to CCTV and security recordings that also have soundtracks as this can divulge even greater sensitive information.

Find out more

Subscribe to our secure online platform and receive all the tools and guidance you need to become compliant with GDPR including further guidance on CCTV.


Protect your business - become and remain GDPR compliant with Astrid

 
Subscribe today
 
Share
Nicki Chennells
Nicki Chennells

Related posts

February 24, 2022

GDPR and CCTV cameras in vehicles – are you still compliant with data protection laws?


Read more

Leave a Reply Cancel reply

You must be logged in to post a comment.

Astrid Data Protection Ltd.

24 John Clare Close
Brackley
Northamptonshire
NN13 5GG

Useful links

  • Home
  • About us
  • Pricing
  • Services
  • Partners
  • Resources
  • Contact
  • Privacy notice
  • Cookie policy
Company number: 11166227 - ICO registration: ZA310233 - © 2018 Astrid Data Protection Ltd.
Astrid Data Protection Ltd uses cookies on this website. Some are essential, others improve functionality and track your use of the site to help us improve it. You can reject the functionality and tracking cookies using the Reject button. To find out more read our cookie policy. Accept Read More Reject
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT