Data protection: why is a CCTV policy important?
CCTV often gets forgotten in the world of data, although systems are constantly creating and sharing data in the form of images. Any information that can be identifiable is considered as personal data under EU General Data Protection Regulations, meaning images produced and Video Surveillance systems in general require attention, to ensure that they are compliant with data protection laws. As part of this, a CCTV policy should be introduced.
· Is a policy in place?
The ICO (Information Commissioners Office) states that you will need clear procedures to determine how you use the CCTV system in practice. A policy is the easiest way to clarify that everyone involved in the organisation is using the CCTV system appropriately and consistently.
· What needs to be included in the policy?
A CCTV policy should cover the purposes you are using CCTV for and how you will handle this information, including guidance on disclosures and recording. Your policy will need to detail how long you will store images, as well as how they will be stored, mentioning any security measures in place to protect it (such as keeping the equipment in a secure cabinet, firewalls and encryption etc). It’s also important to note who the data will be shared with. For example, if the images will be passed onto the local Police force following a crime, your policy should state how this is done in a secure way (i.e. passed onto an Officer in person, via a USB stick).
· What other considerations should be made?
It is also generally good practice to assign day-to-day responsibility for CCTV to an appropriate individual. This could be an Operations Manager, Security Manager or someone else trusted within the company. They should ensure that your organisation sets standards, has procedures in place and that the system complies with legal obligations including individuals’ rights of access. The individual needs to ensure all aspects of EU General Data Protection Regulations are followed, including installing compliant signage.
Any business which has a CCTV system in place is required to notify people that images of them are being recorded. All signage needs to detail the organisation operating the system, what it is being used for and list the contact details of who they can call if there are any queries. When managing agents change or property is sold, so does the authority responsible so it is important the signage around the premises is updated with the new authorisation’s details.
Watch Systems Limited can provide a full site audit, to check the compliance of your system and make recommendations accordingly. For further information regarding CCTV GDPR and the effect it has on your business’s security, read our blog post here.