Blog » CCTV OPERATION AND THE NEW GDPR RULES
CCTV OPERATION AND THE NEW GDPR RULES
21 February 2018
Many companies have recognized the advantages of using CCTV, however, there may be many questions arising related to their usage: Do you have to apply the same rules to your employees and to your customers? Whom do you have to ask permission? How should you provide information? Where should you put your warning? We will give you answers to these questions in this article.
Using security camera means handling personal data
No matter how strange it sounds, other people’s look, face, voice is considered as personal data the same way as if we would talk about their name or birth date. So if you make a recording where other people are involved, you must take care of such recording in a way that complies with the new EU data protection rules.
This means that – among other requirements – you need a legal base to make and store recordings, and lay down rules how long we want to keep such recordings, who can have an access to such data, and how we protect them.
The basis of processing data
We have already mentioned in our article about monitoring the employees that in certain situations the employer is allowed to make recordings about the employees. For doing to it is not necessary to receive permission from the employee, you should only inform your employees about the fact that a recording is being made.
It is important that the lack of permission is not always correct. In the above mentioned situation it is acceptable, because there is a special connection between the parties: an employment relationship. Here, the law makes it acceptable that the employer can control the process of the work to protect his interests.
However, if we have a look at a store or a restaurant, where customers come and go, or a warehouse, where people from other companies arrive with their vehicles to deliver goods, there is no automatic permission by law that you can make recordings without their prior consent.
Law may create exceptions similar to the employment relationship, and describe a situation when somebody’s interests overwrite others’ rights regarding to their personal data (for example protecting life and physical safety, or guarding dangerous material). In such special occasions information may be enough.
However, if you are not in any of the above mentioned categories, then you must obtain the prior approval of the persons being recorded. Don’t worry, you don’t have to think about difficult authorizing procedures, it doesn’t even have to be in writing. The silent conduct of a person can be acceptable. Thus, if there is a clear sign at the entrance of the building that there is a CCTV in operation, the person standing outside can decide whether he accepts the fact that he will be recorded and enters, or doesn’t enter.
Because in most cases the recording of foreign people is based on prior consent, it is very important that the conduct of the approval must be based on clear information. It is a basic rule that the warning must be outside the recorded place, so that the entering person should not find this information when it is way too late.
The correct information means that you should create a clearly visible, and an outstanding warning that mustn’t be hidden (for example by a curtain or other objects), and the bigger it is the better, so that it can be easily recognized.
The GDPR stresses that the sign should also be clear in a way that even a child could understand that. Considering this, instead of difficult legal expressions, it is better to use a picture and simple words marking that there is CCTV in operation.
The above written explanation might look like being in contradiction with the requirement of the GDPR to provide detailed information. Indeed, if the data subjects would like to know more, you should make the detailed information easily accessible for them. For example about information about the length of storing the recordings, or who may have access to the recordings.
You may fulfil such requirements for example in case of monitoring a shop, by making the detailed rules available at the shop assistant, or in case of a warehouse, you may insert detailed information in the contract of your business partners and contractors.
And the other requirements?
Speaking of detailed rules, you may already suspect that having the legal base and giving information is not enough for making security camera recordings. Just because you put out a sign with a camera to the door, you can’t have a rest. There are other principles in the GDPR that you must comply with, and you also have to make sure that you continuously meet the requirements.
All the cameras must be set for a specified purpose, and you should always use the recordings accordingly. It is a good idea to record the purposes in writing so that later it will be easier to prove complying with them.
You should also create rules for time storing the recordings, because the GDPR doesn’t make it possible to store the personal data forever. When mentioning storing, it is an important question who can have access to the recordings. So you should declare clearly who is entitled to have access, and also what rights such access includes.
The rules themselves have no effect, if the controller doesn’t provide keeping such rules, including especially the security of storing the recordings and deleting the personal data in time.
There is no doubt that CCTV has many advantages, however in order to enjoy such advantages, you should provide the circumstances to comply with the new GDPR rules while you make, store, use and delete the recordings by security camera. To prevent the penalties it is worth to create internal rules.
3 THINGS A LESSOR IN HUNGARY MUST KNOW ABOUT LESSEES’ INVESTMENTS
In case of leasing an office, warehouse or other industrial property, lessees often make significant investments to the premises, which can easily result in a dispute when the contract is terminated. From our article, you can learn what should you to take into account as a lessor in relation to investments made by lessees.Read more »
ONLINE SHOPS IN THE CROSSHAIRS OF EUROPEAN COMMISSION
The European Commission makes a thorough investigation on a particular field from a consumer protection view, and issues a report about the results. Topics like airlines, electronic devices and consumer loans have already been discussed before. This time the report is made on online shopping, that can be useful for those who run an online store. In our current article we will introduce you three things to avoid when you operate an online shop.Read more »
CARS HAVE SURPRISINGLY MANY ANTENNAS – FACTORY TOUR AT OUR NEW CLIENT
Our law firm provides legal services to Hirschmann Car Communication Kft. from March. In order to understand better out Client’s operations, our colleagues travelled to Békéscsaba to visit our new client.Read more »