Yes, you need to register with the ICO if you use CCTV or other electronic surveillance equipment.
In most situations, companies that operate from multiple premises only need to register once.
When using surveillance systems like CCTV, it’s important to conduct a Data Protection Impact Assessment (DPIA) for processing that poses a high risk to individuals. A DPIA is required by law for properties using CCTV, ANPR, Body Worn Video, Drones, Facial Recognition Technology, and in some cases Ring door cameras, dash cams, action cams and electronic access controls.
If you have recently taken over management of a property with any of these systems, ask for an up-to-date copy of their DPIA. The DPIA should be reviewed regularly, preferably annually. If there is no document or it is outdated, you must conduct a new DPIA or arrange for one to be done.
t’s important to let people know that they are being recorded. Make sure the signs are clear, located properly, and there are enough of them. This is to ensure transparency and let individuals know their personal data is being captured.
Place the signs at a reasonable distance from the monitored areas so people can see them before entering. If you use websites or social media to inform people, make sure to direct their attention to the information. Physical signs with extra information can provide a more detailed privacy notice.
Signs should be more noticeable in areas where people are less likely to expect surveillance. For example, if you have a surveillance system in a large public area, use more prominent signage.
For instance, in a multi-storey car park using CCTV cameras, have signs inside and at the entrance. Include details about the organisation operating the system, the purpose, and provide a link to the privacy policy and contact information
he data should be stored within the UK and not outside. If you’re uncertain, ask the CCTV company to confirm in writing where the cloud is based and where the data is stored. It’s important to have an up-to-date and documented data sharing agreement in place.
Recording audio using surveillance systems is subject to certain considerations and requirements. Continuous recording of audio requires a strong justification, which needs to be documented and thoroughly risk assessed. Prior to using any recording device capable of recording private conversations, you must conduct a Data Protection Impact Assessment (DPIA).
This applies to operators and data processors, including contracted security companies, who are using surveillance systems such as CCTV, ANPR, Body Worn Video, Drones, Facial Recognition Technology & under some certain circumstances Ring door, Dash, and Action Cameras as well as Electronic Access Control.
Yes, if you disclose someone’s images or personal data without complying with Data Protection Law, it could be a criminal offence.
Yes, if you disclose someone’s images or personal data without complying with Data Protection Law, it could be a criminal offence.
Yes, By being trained and knowledgeable about these aspects, you can ensure compliance with the GDPR and fulfil your responsibilities effectively.
The training should cover topics such as:
If you are not directly employed by the Data controller, then you must have the appropriate SIA licence to view or review any surveillance footage.
GET IN TOUCH WITH DATPRO
At Datpro, we work with businesses across different industries who require professional support with their data compliance. Our diverse portfolio of clients comprises various sectors
Datpro, Errwood House,
212 Moss Lane, Bramhall,
Stockport, Greater Manchester
SK7 1BD
2023 Copyright Datpro. All Rights Reserved : Privacy Policy