Is your business’ CCTV GDPR compliant?
GDPR has been a hot topic – and a bit of a headache – for businesses since the changes from the EU Data Protection Supervisor came into effect on 25 May.
There were a few vital changes that could be extremely costly – to the tune of 4% of annual turnover – if they’re not followed. Previously, the Information Commissioner’s Office (ICO) could only impose fines of a maximum of £500,000. Since the new framework came into place in May, the ICO reports that 25 UK firms have been fined for data breaches. To date, Facebook Ireland faces the largest fines (£500,000).
The biggest changes to be approved include the transparency of data collection: essentially, the end of incomprehensible small print. Small print for privacy and security must be written in plain language, stating how customer data will be used. The accessibility of the data collected has also been modified. Your customers have the right to access any data in which they appear, free of charge, and the right to have data relating to them erased.
But how do these changes pertain specifically to your CCTV system?
GDPR and your CCTV
- These new changes state that there must be clear signage, letting customers know that they will be recorded.
- Conduct an assessment of all your current cameras. Do they serve a legitimate purpose? Do you still need them to record this area?
- Any recordings should be disposed of within one month of recording, or otherwise kept no longer than is necessary.
- Any recordings must have the legitimate purpose of protecting your business and those accessing the site.
- Only a select number of employees should have authorised access to your CCTV recordings. These authorised employees should only be those who need to access this data to do their job.
- Recordings must be accurate and kept up to date – time and date stamps must be accurate. Check that yours have adjusted for daylight saving time.
- Check access to your stored footage or video feeds. Does your CCTV provider have access to your system’s live or recorded images?
- Read more on the full framework.
Is your company compliant?
Although the GDPR changes have now been in effect for nearly six months, don’t panic: companies do have up to two years to ensure that they are fully compliant. Right now, to avoid any major issues, do everything you can to secure your data by storing it correctly (with reliable anti-virus software and cyber insurance if necessary) and by improving the transparency of how you collect data. Even if your company has been the victim of a hack, you will still be held responsible. This could mean substantial fines for failing to have robust prevention in place.
GDPR after Brexit. What will be the effect?
These GDPR changes currently affect all companies which operate or have customers within the EU. The proposed Brexit date of 29 March 2019 has left considerable uncertainty for UK businesses interacting with the EU. Once Brexit has come into effect, Britain will be permitted to change any aspects of the policy as it sees fit. However, any significant changes in the policy could prove to be a headache for companies dealing with the EU, as they will still have to abide by the EU laws too.
Do you have an existing CCTV system you want to upgrade or are you looking to install one? Contact SCG to discuss a bespoke CCTV system for your business.