Closed Circuit Television, or CCTV, has been in widespread use by businesses throughout the UK since the 1970s. As CCTV has become more affordable in the last 20 years, it has also become much more widely used in Domestic properties, too.
The UK has seen an explosion in the number of CCTV cameras – ranking third place globally for the number of installed CCTV cameras per capita, behind only the USA and China.
Whilst the primary purpose for installing CCTV is to act as both a deterrent for crime, and to provide a means of investigating crimes after they have been committed, there are many more ways in which CCTV can be used (and misused).
CCTV Operators, both business and domestic, need to be aware of the legal implications of their use.
GDPR & CCTV
Many people will have heard of the term GDPR, which is an abbreviation for General Data Protection Regulation – a piece of European legislation which originally came into force in 2018, which was then retained as UK law following Brexit.
The UK GDPR, combined with the Data Protection Act 2018, outline the acceptable ways in which businesses and private individuals are permitted to process personal data, which includes the images of people captured by CCTV cameras.
In short, the legislation permits the continued use of CCTV by both businesses and private individuals – however, those operating CCTV (known as Data Controllers) must do so in a manner that is proportionate and justifiable.
The legislation also provides certain rights to people whose images are captured by CCTV cameras (known as Data Subjects), which must be respected by CCTV Operators.
Why use GDPR Safe?
GDPR Safe allows CCTV Operators to formally document their justifications for operating a CCTV system, satisfying the legal requirement of the UK GDPR for personal data to be processed in a lawful, fair & transparent manner.
A GDPR Safe Policy serves as evidence to both Data Subjects and The Information Commissioner’s Office that you have carefully considered the implications for using CCTV, the impact of those decisions on the privacy of others, and the protections you will put in place to safeguard personal data.
The ICO have the power to impose fines upon Data Controllers that break the law or fail to uphold the rights of Data Subjects.
The individual or business responsible for operating a CCTV system (known as a Data Controller) must be able to demonstrate their compliance with the legislation on request – and a comprehensive GDPR Safe Policy is the easiest way to satisfy this requirement in most instances.
