Interviews

GDPR means CCTV too

by Mark Rowe

The GDPR that comes into force in May 2018 covers CCTV systems and the visual data they collect – not just written data, an academic points out.

Organisations are putting themselves at risk of breaching the GDPR because they’re failing to realise that the new regulations cover their CCTV systems and the visual data they collect. So says Andrew Charlesworth, Reader in IT Law at the University of Bristol.

In a white paper written for Cloudview, which offers cloud-based visual networks, Charlesworth says that because CCTV systems have been lightly regulated until now, there is a danger that users will not understand their obligations under the new legislation. New IP-based systems can expose operators to significant data protection and privacy risks, but he uses a recent court case to show how data protection legislation applies to all CCTV systems which record and store visual data, both public and private.

Charlesworth cites a dispute earlier this year between two householders in Scotland where one recorded and stored data covering the other’s private property and from which they could be identified. This resulted in damages of more than £17,000 for distress caused – and the court was not asked to consider whether data was kept appropriately secure and met other data protection requirements, which would also be considerations for data controllers running CCTV systems. Potential fines under the GDPR (general data protection regulation) EU-wide can be up to 20 million euros or 4 per cent of turnover, whichever is higher.

As there is no compulsory registration process it is difficult to get an accurate estimate of CCTV cameras in the UK. In 2015 the British Security Industry Association estimated there were between four and six million cameras. Cloudview’s own research suggests there are around 8.2 million cameras; and all will need to comply with the GDPR.

Andrew Charlesworth says: “Changing technology created the need for the GDPR, altering both the data protection environment and public perceptions of what constitutes acceptable data processing. From May all CCTV operators will have to be proactive in assessing, improving and ‘evergreening’ their compliance efforts – tickbox compliance will no longer be sufficient. However, GDPR provides a significant opportunity to enhance the industry’s public image as a valued and trusted service, rather than an unaccountable and privacy invasive ‘eye in the sky’.

“The judge’s final comments in the case of Woolley v Akbar are telling – the default position is that any professional (individual or organisation) setting up a surveillance system will be aware of the potential impact of their activities on data subjects, and be familiar with the application of relevant law and guidance.”

And James Wickes, CEO and co-founder of Cloudview says: “As Andrew points out, there are already precedents for fining CCTV users who breach existing data protection legislation. Users need to assess their CCTV systems alongside the rest of their IT, and remember that the law applies to everything from a single camera monitoring the entrance to their office or home to a larger system used in a business, housing or public spaces.

“The good news is that the GDPR gives CCTV users an opportunity to tackle what is often a negative image and take the lead in demonstrating accountability and privacy protection. They can also use new technologies such as cloud, which enable them to meet the new regulations while improving data accessibility and security.“

The White Paper can be downloaded at http://www.cloudview.co/whitepapers/watchingthewatchers.

Related News

  • Interviews

    Cyber and gender

    by Mark Rowe

    Cybersecurity has a gender problem, how do we solve it? asks Shamla Naidoo, pictured, Head of Cloud Security at the cyber platform…

  • Interviews

    Euro-CCTV research

    by Mark Rowe

    A majority (67pc) of UK consumers do not believe that the widespread use of CCTV infringes on people’s civil liberties, according to…

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing