Organisations in the public sector are placing themselves at risk of breaching the impending General Data Protection Regulation (GDPR) by failing to acknowledge that the new regulations cover their CCTV systems and the visual data they collect.
Up until now, CCTV systems have been lightly regulated making it even more likely that users will not understand their obligations under the new legislation. For example IP-based systems can expose operators to substantial data protection and privacy risks as CCTV systems record and store visual data both public and private.
With fines up to €20 million or 4% of annual turnover, whichever is higher, It is important that CCTV operators acknowledge their responsibilities towards being compliant to the impending GDPR regulation.
It is currently difficult to get an accurate estimation of how many CCTV cameras there are in the UK as there is no compulsory registration process in place.
In 2015 the British Security Industry Association (BSIA) said there were between 4-6 million cameras in the UK, Cloudview’s own research suggests there are currently 8.2million CCTV cameras, all of which will have to comply with GDPR guidelines.
Technological developments mean we are now processing more data than ever before, as a direct result of this, the EU felt the need for the GDPR, affecting both the data protection aspect and the public perceptions of what defines acceptable data processing.
From May 25th 2018, all CCTV operators will have to be proactive in accessing, improving and on an ongoing basis, managing their compliance efforts, tick box compliance will not suffice. GDPR will change the view on CCTV from privacy invasive and unaccountable to valued and trusted.