Many people were worried about the new regulations when they first came out. Yet they are really little different from the requirements that were previously in place with regards to CCTV operation. Have you made sure that your CCTV signage is compliant with GDPR regulations? Do you understand what the CCTV signage regulations are and how to best implement them?
Around six million CCTV surveillance cameras are operational in the UK, according to the British Security Industry Association (BSIA), 1 for every 10 people. In May 2018, General Data Protection Regulation (GDPR) came into effect. So anyone with a CCTV system – even if it’s just one camera – is now required to comply and use their systems within the new guidelines.
Many people were worried about the new regulations when they first came out. Yet they are really little different from the requirements that were previously in place with regards to CCTV operation. Have you made sure that your CCTV signage is compliant with GDPR regulations? Do you understand what the CCTV signage regulations are and how to best implement them? Read on to find out more.
GDPR affects all businesses
Any businesses that have a CCTV system are obliged to notify people that images of them are being collected. These images are classified as ‘personal data’ because it’s possible to identify an individual from that information. The most effective method of alerting people is via clearly placed signs within any area captured by the cameras – in fact, the best place is as they first come into range of the cameras, so normally by the entrance.
Prominent signs are important
Prominent signs are important when CCTV cameras are unobtrusively placed or situated in areas where people do not expect to be under surveillance. The added benefit of having signage is that it acts as a deterrent to potential criminals. When a criminal can see that they are being recorded, it can sometimes mean they will think twice about undertaking a crime. Signage costs very little to produce. Not having the correct signage in place is often where businesses fall short.
Here are the points you need to check to see if your signs are compliant with the GDPR:
- Signage should be clearly visible and readable. It will also need to show details of the organisation operating the system, the purpose of its use and who to contact if there are any queries.
- Signs should be an appropriate size in relation to its context. If the sign needs to be seen by a car driver it should be bigger, and if it is in a shop then a small sign would be more suitable. We advise minimum A3 externally and A4 internally.
- All staff should know what to do and who to contact if a member of the public enquires about the CCTV system. Any signs in a public area must show the organisation or authority responsible for the systems.
- Take care when it comes to positioning your CCTV cameras. Although your cameras may be positioned on-site, they may still capture images of people walking by. If this is the case your CCTV signage should be visible outside the business too.
- Depending on the location, new signage alone – without CCTV – might be a sufficient and cost-effective deterrent to thieves.
Camera positioning is key
When it comes to siting your CCTV cameras, you should take care that they are not placed in such a way as to capture members of the public, e.g. people walking past your premises. Even if the cameras are sited on your property, if they record another person’s private property without their permission, you are breaking the law. Care must be taken when setting cameras up to ensure that any such areas are masked off.
Controllers and Processors of Data
If you are recording and storing CCTV footage within your own business, then you are both a “controller” and “processor” of data under the GDPR. Both positions entail responsibilities. An elected person must be responsible for the CCTV images and you should have clear procedures set down as to who can access the system, and when information should be disclosed. The ICO has produced a simple quiz online that will help you determine whether you need to register. The GDPR requires essentially that personal data is:
- Processed lawfully and fairly
- Collected for specific and legitimate purposes
- Not excessive for the purpose for which it is being collected
- Accurate and not kept for longer than is reasonable
- Secure, and not used for unauthorised processing
If you have outlined why you are collecting CCTV and justified it and it’s reasonable and put in procedures to make sure the above principle is upheld, you will be compliant with the new regulations.
If you require any information regarding GDPR and the effect it has on your business’s security, Almas Industries will be happy to help. We provide a full site security audit where we can discuss the relevant needs to comply with the new legislation. To enquire please call 0333 567 6677 or click here to send a confidential email.