It’s been some months now since the General Data Protection Regulation (GDPR) was introduced (in May 2018) as official legislation here in the UK. With more businesses implementing new camera systems combined with cloud CCTV storage as a result of the guidelines, we discuss what businesses in the county can do to ensure continued compliance, and what the consequences could be if not approached correctly.
Despite what many business owners think, GDPR has replaced the Data Protection Act (DPA) here in the UK. Although you may have previously been in line with this ruling, there are new areas that you must cover with GDPR.
With GDPR being pushed forward by the European Union and its parliament, it will continue to play a significant role in Britain after Brexit.
Did you know that there’s a 4% global annual turnover penalty?
If you haven’t fully complied with the recent legislation yet, you could find yourself with a fine that equates to 4% of your annual global turnover.
To ensure you’re compliant:
- You need a strong and valid reason for the placement of CCTV around your perimeter.
- You can’t use CCTV to ‘watch over’ your employees.
- You must not place CCTV in places where employees expect privacy i.e. canteens.
- You must notify surrounding people that they are being recorded as employees and site visitors become data subjects.
- You shouldn’t keep data for over 30 days — under different circumstances, this can
- You have a duty to protect the data that you collect.
Avoiding prosecution
To avoid prosecution by the European Parliament, you must fully understand the list discussed above and correspond them with the below:
- A reason for CCTV. This could be to help protect your employees when it comes to health and safety, for example, and capture any incidents that could potentially occur — such as a robbery.
- Compile an operational requirement, which should support your decision for CCTV placement.
- Highlight a security risk which could be minimised through CCTV — whether this is being placed in canteens or smoking areas. An operational requirement can be made in this instance too.
- Notify the public that you are recording them for CCTV and security purposes by putting up signs that signal this — include a contact number too, so anyone can contact if they incur any issues.
- Dispose of your data after 30 days of retainment — it can be kept for longer if the local authorities have a written request and must view it on your own premises.
- Avoid data breaches by drafting up a contract with your security supplier (who will become your data processor under GDPR legislation) and highlight what they can and can’t do with any footage that they obtain from your surveillance.
CCTV can be a tough area for businesses to get right, but with the help of Northeast-based 2020 Vision — corporate protection is made easier. Make sure that you’re covered at all costs by clicking here to avoid facing tremendous penalties for non-compliance.