Personal data is a hot topic because so many intimate details about our lives are stored everywhere online. We have to surrender that much information about ourselves to do almost anything on the internet that it is extremely difficult to keep track of where it all is. Because of this, we need to have faith in those capturing our data that they will treat it with respect and integrity. Did you know, if you are the one capturing data via security cameras, you need to know the law surrounding home CCTV systems and data protection too? You really need to know whether you need to comply with GDPR (the General Data Protection Regulation)…
GDPR is one of the laws in place to protect our personal data and is part of the UK Data Protection Act 2018. All companies must comply with its parameters or face legal action themselves. But it’s not just businesses who must follow these rules, individuals need to as well in certain circumstances.
Home CCTV systems and data protection – must I comply?
There is only one answer to this…it depends!
If you are confident that your cameras only record your own land and property then you won’t ever ‘need’ to do anything. Someone might submit a subject access request (which is basically a request for their own data i.e. footage you keep) but you won’t have to surrender it. There might, however, be a valid reason for the request; the police may want to see the movement of a criminal before or after a crime, for example. As such, they may ask to see your recordings and it would of course be the decent thing to do to give it to them. If you were to refuse, they would be able to apply for a warrant to potentially force you to do so, so just bear that in mind. But if it’s just that someone wants to look at your footage for no particular reason, it’s not an obligation to give it to them.
If, on the other hand, you do record public areas such as a pathway or your neighbour’s property, you WILL have to observe certain aspects of GDPR. This is simply because you are obtaining information about members of the public and they have a right to know about it and to govern what happens with their data.
What do you need to do to comply with GDPR?
So if you do record areas beyond your own boundaries, we’ve established you must observe GDPR regulations. But what does that mean? Well, you will need to:
- Put up signs to let people know you are recording via CCTV and why
- Ensure your system only records what it needs to and is only operated as it should be, without misuse by anyone
- Ensure any recordings you make are safe i.e., they can’t be watched without a valid reason
- Ensure that footage is deleted in a timely manner – you can only hold it for as long as you need it
Then you will also need to ensure:
- You respond to any subject access requests if and when they are received. These can be made verbally or in writing and you have a month to hand over anything you hold from personal data to identifiable images of the subject
- You delete any footage of a person if you are asked to. Again, this should be completed within a month. If you have a valid reason for keeping it e.g. it is forming part of a legal dispute, you can refuse but you will need to tell them this and they can challenge your decision
- You will need to give consideration to any objections made about your recordings – think about whether you really need to record public or neighbour’s spaces or whether your outdoor security cameras should only record on your own property
The simplest way to avoid having to worry about home CCTV systems and data protection is to ensure your wireless outdoor security cameras don’t point anywhere beyond your own land and boundaries. Keep them off neighbouring property and public spaces and you’ll never need to worry about requests for data that you need to surrender to members of the public.
Posted on 5th Sep 2020 by Time2 Technology