CCTV signs: Are yours GDPR compliant?
Around six million CCTV surveillance cameras are operational in the UK, according to the British Security Industry Association (BSIA), 1 for every 10 people. In May 2018, General Data Protection Regulation (GDPR) came into effect. So anyone with a CCTV system – even if it’s just one camera – was required to comply and use their systems within the new guidelines. When GDPR was first introduced, it sparked a wave of concern. However, the requirements for CCTV operation didn’t dramatically change. A major element of the new rules included the use of CCTV signs in public space.
Navigating the Shift From GDPR to UK GDPR
Fast forward to today, and the UK has its own version, known as UK GDPR, since the UK left the EU. While the core principles remain largely unchanged, businesses must now navigate a slightly altered regulatory landscape. For the purposes of CCTV signage, the requirements remain materially unchanged.
GDPR affects all businesses with CCTV
Any businesses that have a CCTV system are obliged to notify people that images of them are being collected. These images are classified as ‘personal data’ because it’s possible to identify an individual from that information. The most effective method of alerting people is via clearly placed signs within any area captured by the cameras – in fact, the best place is as they first come into range of the cameras, so normally by the entrance.
Implementing a new CCTV Camera System
If you’re thinking of introducing a new CCTV system in your business, we recommend that you start your communication campaign with your employees long before they turn up to work one day and find new cameras with signs! Part of your implementation of a new CCTV system must include a Privacy Impact Assessment (PIA). This considers why you are implementing CCTV, is it reasonable to do so, how you will manage and retain the data and access to it. Communication should be a key element of your implementation plan with employees buying into the benefits rather than feeling it’s ‘Big Brother’ watching them at work.
The question remains: Is your CCTV signage compliant with the new UK GDPR regulations?
Do you understand what the CCTV signage requirements are and how to best implement them? A good place to learn how to follow best practice is the Government’s Amended Surveillance Camera Code of Practice. Any business that operates CCTV should register with the Information Commissioner’s Office (the ICO), there are a couple of exemptions, but they have a handy quiz to determine if you need to register and pay the registration fee.
Prominent CCTV signs are mandatory
Prominent signs are important wherever CCTV cameras are placed. Signage is not merely a legal requirement; it serves as a deterrent to potential wrongdoers. The absence of proper signage is often where businesses fall short, risking non-compliance and the associated penalties.
Camera positioning is key
When it comes to siting your CCTV cameras, you should take care that they are not placed in such a way as to capture members of the public, e.g. people in the next door property. Even if the cameras are sited on your property, if they record another person’s private property without their permission, you are breaking the law. Care must be taken when setting cameras up to ensure that any such areas are masked off, this can be set up by your security installer.
The 5 Steps to compliance:
- Legal Requirements for CCTV Signage in the UK: Signage should be clearly visible and readable. It will also need to show details of the organisation operating the system and controlling the data, the purpose of its use and who to contact if there are any queries. Ideally with a method of contact such as a phone number or email.
- Size of Signage: The size of the sign should be appropriate to its setting. For instance, larger signs are advisable for areas visible to drivers. We generally advise A4 signs internally, A3 signs on the outside of a building close to an entrance, and larger again for gates or perimeter access where drivers are approaching.
- Employee Awareness: All employees should know what to do and who to contact if a member of the public enquires about the CCTV system. Any signs in a public area must show the organisation or authority responsible for controlling the data collecting during the use of CCTV systems.
- Camera Placement – Be cautious about capturing images of individuals who are not on your property. Signage should be ideally visible before it’s too late for the person to change their mind about entering the field of vision so they can make an informed choice as to whether to continue.
- CCTV Policy: you should have a CCTV policy which will be formulated after you complete your PIA – this isn’t just for signage but details on access, retention and downloading of footage.
Controllers and Processors of Data
If you are recording and storing CCTV footage within your own business, then you are both a “controller” and “processor” of data under the GDPR. Both positions entail responsibilities. An elected person must be responsible for the CCTV images and you should have clear procedures set down as to who can access the system, and when information should be disclosed. When you install or upgrade your cctv system you should conduct or review your DPIA (Data Protection Impact Assessment) – this assessment will help you work through and justify why you are installing CCTV and how you are storing and protecting the data.
The GDPR requires essentially that personal data is:
- Processed lawfully and fairly
- Collected for specific and legitimate purposes
- Not excessive for the purpose for which it is being collected
- Accurate and not kept for longer than is reasonable
- Secure, and not used for unauthorised processing
If you have outlined why you are collecting CCTV footage and justified it and it’s reasonable and put in procedures to make sure the above principle is upheld, you will be compliant with the new regulations. Especially, those that concern CCTV signs.
Why Choose Almas Industries?
If you’re considering upgrading your CCTV system, here are three reasons to choose Almas Industries:
- Cutting-Edge Technology – Our state-of-the-art CCTV systems provide unparalleled security.
- Expertise in Compliance – We offer full site security audits to ensure you meet all UK GDPR requirements and can provide templates to guide you through compliance requirements. Of course, your CCTV signage will be compliant when you choose Almas as your CCTV installer!
- Tailored Solutions – We customise our services to meet your specific needs.
To discuss your requirements and learn how to navigate the complexities of UK GDPR with regards to CCTV and security solutions, contact us or call us at 0333 567 6123 for a comprehensive quote.