Data Protection Advice when considering a commercial CCTV system
If you have a business and run it from business premises you may have CCTV installed or are considering having it installed, however are you complying with the General Data Protection Regulation (GDPR)?
If you have CCTV you must:
· Have a CCTV policy written up for staff.
· You must display a sign stating that CCTV is in operation and it should have details of who is responsible.
· Your recordings should be in a secure area/room and only nominated staff stated in your CCTV policy are allowed access.
Never misuse surveillance footage, it is classed as personal information under section 29/35 of the DPA
If there is a request from someone for personal data then this should be handled under subject for access provisions of the data protection act.
Subject access requests should be responded to promptly. Once a subject access request(SAR) has been made there is a 40 day response period and this is a statutory requirement.
If considering a CCTV system then a privacy impact assessment (PIA) would be advised.
A PIA is recommended for projects where new and intrusive technology is being used or where private or sensitive data which was collected for a limited purpose is going to be used in an unexpected way.
When installing any system from CCTV to a simple lock for business or residential our team will advise on current regulations etc so that you can be confident you will have the correct system installed for you particular requirements.
Have a look on our website for more information on our Alarm solutions.