New GDPR rules, CCTV & video footage

From 25th May last, the new General Data Protection Regulation (GDPR) rules come into effect and as we know any failure by businesses to comply with these new data protection rules will mean fines in a tiered system of up to 2-4% of global annual revenue.

Still sample of redacted video.

How new GDPR rules impact on your CCTV and other captured video footage?

For the new GDPR regulations, the capture and retention of video footage whether via CCTV, body-worn cameras, dash cams, drone or any other camera used by a business must have a justified and legal purpose.

For example, CCTV can be justified for precautionary or security reasons i.e. to prevent theft, visitor safety etc. It is also important to communicate the purpose of why CCTV is in operation. By using the ‘who, when, how and by whom’ method, you can communicate this effectively. Signage must be updated to be clearly visible, readable, highlight the purpose of the CCTV, contact details of the data controller, period of storage and the right to request access or removal. It is worth noting that GDPR rules only apply to businesses and do not extend to domestic or household purposes.

Can people ask for a copy of your CCTV footage?

Under the previous Data Protection Act people had the right to ask for CCTV footage but the owner could decline access to the footage if there are third parties involved. This has changed under the new GDPR regulations. There are three major changes. First, there is no longer the right to charge. Second, you cannot deny access to the footage. Third, it is the company/data controller’s responsibility to protect the identity of the people in the footage. This is done through pixilation or redaction.

According to the new GDPR rules and the Office of the Data Protection Commissioner “Where images of parties other than the requesting data subject appear on the CCTV footage the onus lies on the data controller to pixelate or otherwise redact or darken out the images of those other parties before supplying a copy of the footage or stills from the footage to the requestor”

Sharing and Redaction

Also under the new legalisation, once video footage is properly secured for the purpose that it was intended for; there is no need to redact faces or blur images for GDPR compliance. However once a video is shared with third parties i.e. under Freedom of Information requests, legal cases etc., redaction of footage is required. One of the big issues that companies will face is “Freedom of Information Requests” of CCTV footage from individuals or groups where they are identifiable. Individuals and groups are within their full rights to request that a copy is made and given to them. You will have 30 days to respond to their request. The issue for businesses is that if other parties are captured and identifiable in the video they will need to be blurred before footage can be handed over. This might sound simple, but the reality is not. You need to consider: CCTV format issues (there are over 2,500 formats globally), multiple camera viewpoints, environment context issues, crowded scenes, and other technical difficulties can make this a cumbersome and time-consuming task.

Video redaction is used to obscure:

1. Faces

2. Spoken names

3. House numbers

4. Nudity

5. Number plates

6. Children

7. Addresses

8. Any information that will identify a person.

We supply GDPR, chain of evidence compliant services that are used to protect the identity of 3rd parties, suspects, victims, informants, your staff, and colleagues.

For your Freedom of Information and other legal requests in connection with CCTV or any video footage, Redaction.ie will provide you with video footage blurring (redaction), editing and any custom service you may require.

To learn more please visit www.redaction.ie, call us  at + 353 (0)1 6624723 or email us:hello@redaction.ie