CCTV DATA PROTECTION ACT General Data Protection Regulation (GDPR)

GDPR the General Data Protection Regulation

The Data Protection Act as it applies to a CCTV System requires that certain fundamental rules are adhered to. On 25 May 2018 a new set of rules will be introduced, known as GDPR, which are in addition to those already in place. Some existing rules will change. This website does not propose to list all of the changes that will take place, but some of the points salient to CCTV will be summarised. The ICO will send you leaflets that give all the information.

ICO telephone number 0303 123 1113

GDPR changes to Data Protection Act

One important point is that you should start to incorporate the GDPR at an early stage. Leaving it until the last minute could mean that you will find compliance difficult.

Subject access requests to view CCTV footage will no longer be chargeable. The time limit for complying with a request is reduced to a month. You can refuse a request but you must tell the individual the reason for refusal. They have to right to complain to the supervisory authority and to a judicial remedy.

The existing Data Protection Act is not changing in most cases. The GDPR is an enhancement and introduces some stricter rules, and some alterations. The GDPR checklist issued by the Information Commissioner's Office (ICO) should be used in conjunction with our CCTV Data Protection Code of Practice to ensure compliance. The forms that we supply cover all aspects of compliance with the Data Protection Act for CCTV systems.

The upgrade of Data Protection Act underlines the seriousness of the ICO in tackling the problem of non compliance. Non compliance with the Data Protection Act can make you liable for warnings, reprimands, corrective orders and in extreme cases colossal fines. The publicity alone that you might get for non compliance could be an embarrassment and damaging to your business, and could result in legal action.

After 25 May 2018 even bigger fines are possible where deemed necessary, but will undoubtedly be imposed only for the most flagrant breaches; the ICO will have the power to impose fines much higher than the £500,000 limit allowed at present.