As you are now aware the General Data Protection Regulation (GDPR) is a new set of laws designed to give citizens of the European Union (EU) new rights regarding the control of their personal data and imposes new obligations on companies who collect, store, and process such data. This new law became effective in all EU countries on 25th May, 2018.
Whilst the GDPR regulations were not written expressly with video in mind, video is considered personal data of the subjects captured on camera, and therefore the regulation implies that those who own and operate video surveillance systems (CCTV Systems) must carefully consider, document, and manage the privacy impact of their video surveillance systems.
Although technology (such as Avigilon Control Center (ACC) video management software) cannot itself be GDPR compliant, all technology providers must consider how their products and solutions assist enterprises in deploying and operating a GDPR compliant system. Avigilon has taken care to ensure that its video security solutions are GDPR-ready.
Attached below is a PDF guide from Avigilon that provides some guidance towards a GDPR compliant system. This PDF provides a simple framework based on five basic principles of the GDPR to help support compliance of a Data Controller’s video system. Additionally, it highlights the specific capabilities within Avigilon’s video security solutions that will enable an company or organisation to be compliant.
5 Basic Principles of GDPR Regulations
- A Clearly Justified Purpose
All organisations must have a valid lawful basis for collecting and processing any personal data.
- Privacy by Design
The GDPR mandates that privacy must be a priority throughout system design and commissioning. The approach taken with respect to data privacy must be proactive, not reactive. Risks should be anticipated and the objective must be preventing events before they occur.
- Right to Access
Under Article 15, the GDPR Regulation gives individuals control over their personal data including the right to see that data.
- Right to be Forgotten
Under Article 17, the GDPR gives individuals control over their personal data including the right to have their personal data deleted if it is no longer necessary for the intended purpose of the system.
The GDPR Regulations require organisations have comprehensive policies and procedures ensuring personal data remains within control of the organisation at all times. Additionally, personal data breaches must be reported within 72 hours to the competent supervisory authority appointed by their country’s government.
The original information for this post is available here:
Contact us for more information