Businesses could find themselves paying a hard fee of 4% of their global annual turnover — so making sure that you’re compliant with the changes GDPR has regarding CCTV is essential. Here are some of the key things you need to know:
- You need a strong and valid reason for the placement of CCTV around your perimeter.
- You can’t use CCTV to ‘watch over’ your employees.
- You must not place CCTV in places where employees expect privacy i.e. canteens.
- You must notify surrounding people that they are being recorded as employees and site visitors become data subjects.
- You shouldn’t keep data for over 30 days — under different circumstances, this can
- You have a duty to protect the data that you collect.
GDPR Requirements: What Your Business Needs To Do To Avoid Prosecution
- A reason for CCTV could be to help protect your employees when it comes to health and safety and capture any incidents that could potentially occur — such as a robbery.
- Compile an operational requirement, which should support your decision for CCTV placement.
- Highlight a security risk which could be minimised through CCTV — whether this is being placed in canteens or smoking areas. An operational requirement can be made in this instance too.
- Notify the public that you are recording them for CCTV and security purposes by putting up signs that signal this — include a contact number too, so anyone can contact if they incur any issues.
- Dispose of your data after 30 days of retainment — it can be kept for longer if the local authorities have a written request and must view it on your own premises.
- Avoid data breaches by drafting up a contract with your security supplier (who will become your data processor under GDPR legislation) and highlight what they can and can’t do with any footage that they obtain from your surveillance.
If you need further help understanding the implementation of GDPR, contact Solutions4IT today to ensure that you don’t leave it too late before May 25th 2018.