Many of our businesses will have CCTV systems installed, but did you know that the General Data Protection Regulation, otherwise known as GDPR, could have detrimental implications for your organisation? GDPR is set to be introduced on the 25th May 2018, and considering what actions you must take is essential to ensuring your company does not face the tough consequences that have been set out.
We’re already complying with the Data Protection Act 1998 (DPA), but GDPR will replace it. Even though it is a piece of European Union legislation, it is likely that Britain will adopt this even after Brexit — meaning that your company should be preparing for the worst.
Avoiding the €20 million penalty
The penalties for businesses that do not comply are tough — with a potential fine of 4% of the company’s global annual turnover or €20 million — whichever is greater, so if your business has CCTV, you must be compliant. Here are some of the key things you need to know:
- You need a strong and valid reason for the placement of CCTV around your perimeter.
- You can’t use CCTV to ‘watch over’ your employees.
- You must not place CCTV in places where employees expect privacy, such as canteens.
- You must notify surrounding people that they are being recorded, as employees and site visitors become data subjects.
- You shouldn’t keep data for over 30 days — under different circumstances, this can
- You have a duty to protect the data that you collect.
Changing your business for GDPR
In line with our guidance to avoid the harsh penalties above, we’ve created an extra list of things that your business must be aware of when it comes to GDPR, and what it must think about when installing its next CCTV system with cloud CCTV storage.
- A reason for CCTV could be to help protect your employees when it comes to health and safety and capture any incidents that could potentially occur — such as a robbery.
- Compile an operational requirement, which should support your decision for CCTV placement.
- Highlight a security risk which could be minimised through CCTV — whether this is being placed in canteens or smoking areas. An operational requirement can be made in this instance too.
- Notify the public that you are recording them for CCTV and security purposes by putting up signs that signal this — include a contact number too, so anyone can get in touch if they encounter any issues.
- Dispose of your data after 30 days of retention — it can be kept for longer if the local authorities have a written request, and they must view it on your own premises.
- Avoid data breaches by drafting up a contract with your security supplier (who will become your data processor under GDPR legislation) and highlight what they can and can’t do with any footage that they obtain from your surveillance.
The date for the implementation of GDPR is coming closer, and you need to make sure that your business is fully compliant for its arrival. Make sure that you’re covered at all costs by clicking here and avoid facing tremendous penalties for non-compliance by working with 2020 Vision.