CCTV signs: Are yours GDPR compliant?
Many people were worried about the new regulations when they first came out. Yet they are really little different from the requirements that were previously in place with regards to CCTV operation. Have you made sure that your CCTV signage is compliant with GDPR regulations? Do you understand what the CCTV signage regulations are and how to best implement them?
Around six million CCTV surveillance cameras are operational in the UK, according to the British Security Industry Association (BSIA), 1 for every 10 people. In May 2018, General Data Protection Regulation (GDPR) came into effect. So anyone with a CCTV system – even if it’s just one camera – is now required to comply and use their systems within the new guidelines. A major element of the new rules include the use of CCTV signs in public space.
Many people were worried about the new regulations when they first came out. Yet they are really little different from the requirements that were previously in place with regards to CCTV operation. Have you made sure that your CCTV signage is compliant with GDPR regulations? Do you understand what the CCTV signage regulations are and how to best implement them? Read on to find out more.
CCTV GDPR affects all businesses
Any businesses that have a CCTV system are obliged to notify people that images of them are being collected. These images are classified as ‘personal data’ because it’s possible to identify an individual from that information. The most effective method of alerting people is via clearly placed signs within any area captured by the cameras – in fact, the best place is as they first come into range of the cameras, so normally by the entrance.
Prominent CCTV signs are mandatory
Prominent signs are important wherever CCTV cameras are placed. The added benefit of having signage is that it acts as a deterrent to potential criminals. When a criminal can see that they are being recorded, it can sometimes mean they will think twice about undertaking a crime. Signage costs very little to produce. Not having the correct signage in place is often where businesses fall short.
5 Steps to ensure your CCTV signs are compliant:
Here are the points you need to check to see if your signs are compliant with the GDPR:
- CCTV signage legal requirements UK – Signage should be clearly visible and readable. It will also need to show details of the organisation operating the system and controlling the data, the purpose of its use and who to contact if there are any queries. Ideally with a method of contact such as a phone number or email.
- Signs should be an appropriate size in relation to its context. If the sign needs to be seen by a car driver it should be bigger, and if it is in a shop then a small sign would be more suitable. We advise minimum A3 externally and A4 internally.
- All employees should know what to do and who to contact if a member of the public enquires about the CCTV system. Any signs in a public area must show the organisation or authority responsible for controlling the data collecting during the use of CCTV systems.
- Take care when it comes to positioning your CCTV cameras. Although your cameras may be positioned on-site, they may still capture images of people walking by. If this is the case your CCTV signage should be visible outside the business too.
Camera positioning is key
When it comes to siting your CCTV cameras, you should take care that they are not placed in such a way as to capture members of the public, e.g. people in the next door property. Even if the cameras are sited on your property, if they record another person’s private property without their permission, you are breaking the law. Care must be taken when setting cameras up to ensure that any such areas are masked off, this can be set up by your security installer.
Controllers and Processors of Data
If you are recording and storing CCTV footage within your own business, then you are both a “controller” and “processor” of data under the GDPR. Both positions entail responsibilities. An elected person must be responsible for the CCTV images and you should have clear procedures set down as to who can access the system, and when information should be disclosed. When you install or upgrade your cctv system you should conduct or review your DPIA (Data Protection Impact Assessment) – this assessment will help you work through and justify why you are installing CCTV and how you are storing and protecting the data.
The ICO has produced a simple quiz online that will help you determine whether you need to register with them. The GDPR requires essentially that personal data is:
- Processed lawfully and fairly
- Collected for specific and legitimate purposes
- Not excessive for the purpose for which it is being collected
- Accurate and not kept for longer than is reasonable
- Secure, and not used for unauthorised processing
If you have outlined why you are collecting CCTV footage and justified it and it’s reasonable and put in procedures to make sure the above principle is upheld, you will be compliant with the new regulations. Especially, those that concern CCTV signs.
If you require any information regarding CCTV GDPR and the effect it has on your business’ security, Almas Industries will be happy to help. We can provide a full site security audit where we can discuss the relevant requirements and how to comply with the new legislation. To enquire please call 0333 567 6123 or click here to send a confidential email.