Blog » CCTV OPERATION AND THE NEW GDPR RULES
CCTV OPERATION AND THE NEW GDPR RULES
21 February 2018
Many companies have recognized the advantages of using CCTV, however, there may be many questions arising related to their usage: Do you have to apply the same rules to your employees and to your customers? Whom do you have to ask permission? How should you provide information? Where should you put your warning? We will give you answers to these questions in this article.
Using security camera means handling personal data
No matter how strange it sounds, other people’s look, face, voice is considered as personal data the same way as if we would talk about their name or birth date. So if you make a recording where other people are involved, you must take care of such recording in a way that complies with the new EU data protection rules.
This means that – among other requirements – you need a legal base to make and store recordings, and lay down rules how long we want to keep such recordings, who can have an access to such data, and how we protect them.
The basis of processing data
We have already mentioned in our article about monitoring the employees that in certain situations the employer is allowed to make recordings about the employees. For doing to it is not necessary to receive permission from the employee, you should only inform your employees about the fact that a recording is being made.
It is important that the lack of permission is not always correct. In the above mentioned situation it is acceptable, because there is a special connection between the parties: an employment relationship. Here, the law makes it acceptable that the employer can control the process of the work to protect his interests.
However, if we have a look at a store or a restaurant, where customers come and go, or a warehouse, where people from other companies arrive with their vehicles to deliver goods, there is no automatic permission by law that you can make recordings without their prior consent.
Law may create exceptions similar to the employment relationship, and describe a situation when somebody’s interests overwrite others’ rights regarding to their personal data (for example protecting life and physical safety, or guarding dangerous material). In such special occasions information may be enough.
However, if you are not in any of the above mentioned categories, then you must obtain the prior approval of the persons being recorded. Don’t worry, you don’t have to think about difficult authorizing procedures, it doesn’t even have to be in writing. The silent conduct of a person can be acceptable. Thus, if there is a clear sign at the entrance of the building that there is a CCTV in operation, the person standing outside can decide whether he accepts the fact that he will be recorded and enters, or doesn’t enter.
Because in most cases the recording of foreign people is based on prior consent, it is very important that the conduct of the approval must be based on clear information. It is a basic rule that the warning must be outside the recorded place, so that the entering person should not find this information when it is way too late.
The correct information means that you should create a clearly visible, and an outstanding warning that mustn’t be hidden (for example by a curtain or other objects), and the bigger it is the better, so that it can be easily recognized.
The GDPR stresses that the sign should also be clear in a way that even a child could understand that. Considering this, instead of difficult legal expressions, it is better to use a picture and simple words marking that there is CCTV in operation.
The above written explanation might look like being in contradiction with the requirement of the GDPR to provide detailed information. Indeed, if the data subjects would like to know more, you should make the detailed information easily accessible for them. For example about information about the length of storing the recordings, or who may have access to the recordings.
You may fulfil such requirements for example in case of monitoring a shop, by making the detailed rules available at the shop assistant, or in case of a warehouse, you may insert detailed information in the contract of your business partners and contractors.
And the other requirements?
Speaking of detailed rules, you may already suspect that having the legal base and giving information is not enough for making security camera recordings. Just because you put out a sign with a camera to the door, you can’t have a rest. There are other principles in the GDPR that you must comply with, and you also have to make sure that you continuously meet the requirements.
All the cameras must be set for a specified purpose, and you should always use the recordings accordingly. It is a good idea to record the purposes in writing so that later it will be easier to prove complying with them.
You should also create rules for time storing the recordings, because the GDPR doesn’t make it possible to store the personal data forever. When mentioning storing, it is an important question who can have access to the recordings. So you should declare clearly who is entitled to have access, and also what rights such access includes.
The rules themselves have no effect, if the controller doesn’t provide keeping such rules, including especially the security of storing the recordings and deleting the personal data in time.
There is no doubt that CCTV has many advantages, however in order to enjoy such advantages, you should provide the circumstances to comply with the new GDPR rules while you make, store, use and delete the recordings by security camera. To prevent the penalties it is worth to create internal rules.
CAN THE CHOICE OF COURT AMOUNT TO THE CHOICE OF LAW? – THE SUPREME COURT DECIDED
Shall it be considered as the choice of the English law if the party first starts a litigation in England regarding to a Hungarian project? How much of a role do the procedural acts of the parties play in relation to the choice of law applicable to a contract? In this article we analyse the fresh judgement of the Supreme Court, in which, among others, the highest court addressed the issue of the tacit choice of law.Read more »
TEMPORARY EMPLOYMENT AT DIFFERENT EMPLOYER IN HUNGARY – NEW LEGAL RELATIONSHIP?
What are the main risks if you employ your staff at different employer, within or outside the company group? Is that a new legal relationship, is remuneration payable for that, or the “good old” labour contract can cover this situation? In a recent judgement the Hungarian Supreme Court Curia addressed these questions. In our short article we analyse the judgement and summarize what you as an employer should consider if you would like to temporary reassign your employee.Read more »
OVERVIEW OF THE TRAVEL RESTRICTIONS TO HUNGARY FROM 1st SEPTEMBER 2020
Travel restrictions to Hungary (“Travel Restrictions”) can be regulated on unilateral, bilateral or multilateral level. So far, we have knowledge about one unilateral and three bilateral travel restrictions adopted by the Hungarian government, so this overview will be focused on these. However, given the fast-changing nature of the situation, it can be the case that more bilateral agreement will be adopted, that change the current legal environment.Read more »