If you have a business and run it from business premises you may have CCTV installed or are considering having it installed. However are you complying with the data protection act (DPA) GDPR etc?
If you have CCTV you should:
- Have a CCTV policy written up for staff.
- Display a sign stating that CCTV is in operation and it should have details of who is responsible.
- Recordings should be in a secure area/room and only nominated staff stated in the CCTV policy should be granted access.
Never misuse surveillance footage, it is classed as personal information under section 29/35 of the DPA
If there is a request for personal data this should be handled under subject for access provisions of the data protection act . Subject access requests (SAR) should be responded to promptly. Once an SAR has been made there is a 40 day response period and this is a statutory requirement.
If considering a CCTV system then a privacy impact assessment (PIA) would be advised. A PIA is recommended for projects where new and intrusive technology is being used. It is used for when private or sensitive data which is collected for a limited purpose is going to be used in an unexpected way.
When installing any system from CCTV to a simple lock for business or residential our team will advise on current regulations which apply. You can be confident of having the correct system installed for your particular requirements.
“Information taken from the information commissioners office (ICO) website 2018”