Don’t think that the only part of your business that relates to GDPR compliance is your client database. The information captured by cameras is also included in the regulation.
The Data Protection Act 2018 was the UK’s implementation of the General Data Protection Regulation (GDPR). Since then, everyone responsible for using personal data has had to follow strict rules called ‘data protection principles’. They must make sure the information is used fairly, lawfully and transparently.
Back in October 2021 the application of GDPR to electronic security technology came to the fore when a judge ruled that security cameras and a Ring doorbell installed by an Oxfordshire homeowner “unjustifiably invaded” the privacy of his neighbour and ultimately broke data laws and contributed to harassment. Even though the devices were installed in good faith as a deterrent against burglars, the homeowner faced a hefty fine for failing to take into consideration that he was capturing the movements of people visiting his neighbour, plus he had a considerable view into their back garden via the Wi-Fi camera fitted to his shed.
If this didn’t have alarm bells ringing for security installers then it should have because, up until that point, GDPR had the image of only relating to the handling of databases and personal information gathered during business transactions. The fact that it also relates to the data gathered by surveillance systems and video doorbells was news to many.
To find out why installers need to be thinking about GDPR and their contracted jobs, we spoke to Adam Read of GDPR Safe:
How widespread do you think non-compliance might be with CCTV in the UK?
Very. Compliance is actually pretty complicated – it’s not as simple as erecting some signage and leaving it at that. It’s an ongoing effort, not a one-off exercise. However, if we were to look simply at those installs that fall at that first hurdle, it’s clear to see that the vast majority of installations are not compliant.
Whose initial responsibility is it to ensure installations are GDPR compliant?
The law places the ultimate responsibility for compliance on the data controller(s). A data controller is someone who exercises “overall control over the purposes and means of the processing of personal data”. In practice, this usually means whoever made the decision to install CCTV on their property – such as a home owner or business.
What happens if a site is not compliant?
The Information Commissioner has substantial powers to fine data controllers that fail to meet their legal obligations. Civil claims for compensation may also be made by individuals who claim that their rights haven’t been respected.
Read the full article in the March 2020 edition of PSI magazine