Organizations that use CCTV systems could be putting themselves at risk of breaching GDPR data protection and privacy requirements by failing to understand how the forthcoming regulations cover the collection of visual data.
That was a warning issued by Andrew Charlesworth, Reader in IT Law at the University of Bristol, in white paper Watching the Watchers.
Charlesworth highlighted the fact that because there has been little regulation governing CCTV systems (until now) there is a danger that users will fall short in their obligations to ensure safe usage under GDPR, which comes into force in just six months. What’s more, a lack of any compulsory CCTV registration process makes it difficult to gauge how many systems are actually being used in the UK, although research from Cloudview suggest the figure sits around 8.2 million cameras – all of those will need to comply with the GDPR come May 2018.
“Changing technology created the need for the GDPR, altering both the data protection environment and public perceptions of what constitutes acceptable data processing,” Charlesworth said. “From May all CCTV operators will have to be proactive in assessing, improving and ‘evergreening’ their compliance efforts – tickbox compliance will no longer be sufficient.”
Users need to assess their CCTV systems alongside the rest of their IT, advised James Wickes, CEO and co-founder of Cloudview, and remember that the law applies to everything from a single camera monitoring the entrance to their office or home to a larger system used in a business, housing or public spaces.
“The good news is that the GDPR gives CCTV users an opportunity to tackle what is often a negative image and take the lead in demonstrating accountability and privacy protection. They can also use new technologies such as cloud, which enables them to meet the new regulations while improving data accessibility and security.”