Posted on: 11 April 2019
GDPR beyond personal information
When GDPR was implemented in May 2018, many companies focused on the way that they digitally hold personal details of the people who use the company’s services. However, GDPR also protects how the physical appearance of your customers is recorded and stored.
CCTV can help protect yourself, your customers and your business but this has raised concern from the Independent Commissioners Office (ICO) due to privacy breaches.
Signs telling people that they are being recorded must be displayed in a prominent position and be easy to read, but did you know that you must also inform the ICO that you are using CCTV?
ICO CCTV checklist
By taking a look at the ICO’s website, you can find a checklist on how to inform them that you are using CCTV, and you must also be prepared to justify why you are using it.
Installing your CCTV
When you install your CCTV, you must assess the impact on peoples’ privacy when coming to your premises, but also regularly review if CCTV is the best form of security for your business. You will also need to have registered with the ICO, which comes with a fee of between £40 and £2,900, based on the turnover of your company.
Managing your CCTV
The use of your CCTV should be covered by a policy that outlines how CCTV is used in your business and who is responsible for the CCTV. This will usually be the person, or people, responsible for security at your business, and any associated managers. The number of people who can access CCTV footage should be kept to the minimum amount of people who need to review the footage.
You will also need to detail the process to follow when responding to individuals or organisations who ask for copies of footage or images that your CCTV has captured.
Your staff should also be trained on how to operate your CCTV systems and how to find and respond to requests for footage and/or images.
Operation of CCTV
How you use CCTV is an important way of ensuring that you are using your CCTV in line with GDPR. You should only keep footage or images that you have recorded for as long as you need it for its’ required purpose. For example, if you are using CCTV to identify thefts from your business, you should only keep the footage as long as there is an ongoing investigation into the particular case of theft. Because of this, you will need to make sure that the footage that you capture is of a high enough quality to be of use in any criminal investigations.
Awareness and signage
If you already have CCTV, you will know that you need to clearly display signage that says you are using CCTV to record images. If you have never used CCTV before, it may be a good idea to implement signage when you are first installing your CCTV systems.
Fines under GDPR
At the time of writing, there have been no GDPR fines from the ICO. However they provide guidance for companies on how to improve their data practices to avoid the potential fines under GDPR. Take a look at our article on what some of the ICO’s previous fines may have looked like under GDPR to see the impact that GDPR could have.
Other EU countries, however, have not been as understanding in the early days of the regulation’s implementation, with Facebook and Google both receiving a €50 million fine from French data watchdog CNIL.
Business insurance with Premierline
Business insurance is essential to protect the business that you have built and your livelihood. Premierline Business Insurance Broker is committed to finding the perfect insurance package for your business, just get in touch and let us do the work.
Our insurance experts work with some of the UK’s most well-known insurers to give you a wide variety of choice when it comes to your insurance needs.
Compare business insurance
The information and tools contained in this guide are of a general informational nature and should not be relied upon as being suitable for any specific set of circumstances. We have used reasonable endeavours to ensure the accuracy and completeness of the contents but the information and tools do not constitute professional advice and must not be relied upon as such. To the extent permitted by law, we do not accept responsibility for any loss which may arise from reliance on the information or tools in our Knowledge Centre.