Blog » CCTV OPERATION AND THE NEW GDPR RULES
CCTV OPERATION AND THE NEW GDPR RULES
21 February 2018
Many companies have recognized the advantages of using CCTV, however, there may be many questions arising related to their usage: Do you have to apply the same rules to your employees and to your customers? Whom do you have to ask permission? How should you provide information? Where should you put your warning? We will give you answers to these questions in this article.
Using security camera means handling personal data
No matter how strange it sounds, other people’s look, face, voice is considered as personal data the same way as if we would talk about their name or birth date. So if you make a recording where other people are involved, you must take care of such recording in a way that complies with the new EU data protection rules.
This means that – among other requirements – you need a legal base to make and store recordings, and lay down rules how long we want to keep such recordings, who can have an access to such data, and how we protect them.
The basis of processing data
We have already mentioned in our article about monitoring the employees that in certain situations the employer is allowed to make recordings about the employees. For doing to it is not necessary to receive permission from the employee, you should only inform your employees about the fact that a recording is being made.
It is important that the lack of permission is not always correct. In the above mentioned situation it is acceptable, because there is a special connection between the parties: an employment relationship. Here, the law makes it acceptable that the employer can control the process of the work to protect his interests.
However, if we have a look at a store or a restaurant, where customers come and go, or a warehouse, where people from other companies arrive with their vehicles to deliver goods, there is no automatic permission by law that you can make recordings without their prior consent.
Law may create exceptions similar to the employment relationship, and describe a situation when somebody’s interests overwrite others’ rights regarding to their personal data (for example protecting life and physical safety, or guarding dangerous material). In such special occasions information may be enough.
However, if you are not in any of the above mentioned categories, then you must obtain the prior approval of the persons being recorded. Don’t worry, you don’t have to think about difficult authorizing procedures, it doesn’t even have to be in writing. The silent conduct of a person can be acceptable. Thus, if there is a clear sign at the entrance of the building that there is a CCTV in operation, the person standing outside can decide whether he accepts the fact that he will be recorded and enters, or doesn’t enter.
Because in most cases the recording of foreign people is based on prior consent, it is very important that the conduct of the approval must be based on clear information. It is a basic rule that the warning must be outside the recorded place, so that the entering person should not find this information when it is way too late.
The correct information means that you should create a clearly visible, and an outstanding warning that mustn’t be hidden (for example by a curtain or other objects), and the bigger it is the better, so that it can be easily recognized.
The GDPR stresses that the sign should also be clear in a way that even a child could understand that. Considering this, instead of difficult legal expressions, it is better to use a picture and simple words marking that there is CCTV in operation.
The above written explanation might look like being in contradiction with the requirement of the GDPR to provide detailed information. Indeed, if the data subjects would like to know more, you should make the detailed information easily accessible for them. For example about information about the length of storing the recordings, or who may have access to the recordings.
You may fulfil such requirements for example in case of monitoring a shop, by making the detailed rules available at the shop assistant, or in case of a warehouse, you may insert detailed information in the contract of your business partners and contractors.
And the other requirements?
Speaking of detailed rules, you may already suspect that having the legal base and giving information is not enough for making security camera recordings. Just because you put out a sign with a camera to the door, you can’t have a rest. There are other principles in the GDPR that you must comply with, and you also have to make sure that you continuously meet the requirements.
All the cameras must be set for a specified purpose, and you should always use the recordings accordingly. It is a good idea to record the purposes in writing so that later it will be easier to prove complying with them.
You should also create rules for time storing the recordings, because the GDPR doesn’t make it possible to store the personal data forever. When mentioning storing, it is an important question who can have access to the recordings. So you should declare clearly who is entitled to have access, and also what rights such access includes.
The rules themselves have no effect, if the controller doesn’t provide keeping such rules, including especially the security of storing the recordings and deleting the personal data in time.
There is no doubt that CCTV has many advantages, however in order to enjoy such advantages, you should provide the circumstances to comply with the new GDPR rules while you make, store, use and delete the recordings by security camera. To prevent the penalties it is worth to create internal rules.
CORONAVIRUS: GOVERNMENTAL MEASURES PROTECTING COMMERCIAL LESSEES IN HUNGARY
The worldwide coronavirus epidemic is causing serious problems in the economy as well, businesses in sensitive sectors fear a total loss of income for months. For this reason, the Hungarian Government introduced a ban on termination and rent increase for commercial lease contract in case the lessee operates in specific, sensitive sectors. However, there are several legal uncertainties surrounding the measure, which will be discussed in our brief article.Read more »
HUNGARY: CHOICE OF LAW BY CONDUCT IN LITIGATION? – JUDGMENT OF SUPREME COURT
Can the conduct of the parties during litigation amount to an implied choice-of-law agreement based on the Rome I Regulation? We analyse the fresh judgment of the Hungarian Supreme Court in this article.Read more »
LABOUR LAW CHANGES DURING THE CORONAVIRUS EPIDEMIC – 4 MEANS AVAILABLE FOR HUNGARIAN EMPLOYERS
The coronavirus is already having its unfortunate impacts in the whole world and there is almost no sector which has not been rocked by the effects of the virus. In this rather difficult situation, it is questionable for the employer how to manage their resources and how to protect their employees. The decree of the government effective from 19th March 2020 gives certain tools to the employers which may help them to optimize their operations and to defend their employees. In our short article we summarize these measures.Read more »