CCTV systems offer a range of undeniable benefits, providing a sense of safety to employees, customers and the like while deterring crime in an exceptionally cost-efficient and effective manner.
Naturally, as an electronic security system, CCTV solutions capture copious amounts of valuable data. But many individuals fail to realise that this data falls under the purview of the General Data Protection Regulation (GDPR).
Indeed, the GDPR demands our attention to more than just the usual suspects of computer-based information. Personal images are also considered personal data, making it crucial for organisations utilising CCTV systems to handle and store image data in a secure, lawful and transparent manner.
While we at Sharp Group are adept at ensuring our clients’ CCTV systems align with GDPR requirements, we understand that many organisations remain unaware of their data protection obligations.
With that in mind, here is an overview of the simple steps to harmonise CCTV usage with the GDPR.
Know your purpose
From ensuring the security of premises to bolstering the prevention and detection of theft and other crimes, the purposes for installing CCTV can be diverse and multifaceted. However, it is imperative to identify and define these purposes from the outset, laying a solid foundation for responsible data collection and processing.
Identify the lawful basis
Relying on legitimate interests as a lawful basis for CCTV requires a diligent and persuasive approach. Data controllers must demonstrate that CCTV is not only advantageous but also indispensable in achieving the intended purpose. This necessitates a thorough evaluation of alternative measures and an exploration of their effectiveness in addressing the identified concerns.
Commit to Proportionality
Evaluate the proportionality of CCTV usage, considering factors such as the size of the area to be monitored and the number of cameras employed. It is essential to strike a balance that aligns with the intended objectives without exceeding what is reasonably required.
Embrace Transparency
Enlighten those who traverse your premises with clear signage, revealing the purpose and scope of your CCTV surveillance. Let them know who to contact should they seek further information or have queries regarding the security of their personal data.
Implement Robust Technical Controls
Fortify the walls of your data fortress by establishing stringent access controls, securing servers with strong passwords, and bolstering your systems with multi-factor authentication. Physical barriers should complement these digital guardians, helping to keep your CCTV recordings protected against unauthorised access.
Respectful Retention
Follow the GDPR’s call for data minimisation, retaining CCTV recordings only for as long as necessary. In Ireland, the norm is 30 days, which we recommend adhering to.
Need help?
At Sharp Group, we have years of experience in guiding clients through the implementation of compliant and ethically responsible CCTV solutions.