When we think of GDPR data protection, most of us have a tendency to consider organisations retaining specifics, such as our name, date of birth, address, financial details etc. But there is a manner of attaining data that is so prevalent we scarcely notice it anymore – CCTV.
If your company makes use of CCTV, you must know that the images compiled are categorised as personal data and subject to GDPR data protection regulations. In order to be GDPR compliant you need to have a clear policy stating the reasoning behind it, security, risk of theft etc. People need to be aware they are being recorded on CCTV so it is necessary to place signs in areas that are observed with CCTV.
Your policy should also include how long you intend to keep the footage for which is generally accepted as 30 days. If you need to keep it longer your policy will need to include why it is necessary for it to be kept this long. Here you can find detailed information on the code of practice for CCTV.
Eventually it will be necessary to delete old footage, your system will most likely have a setting that will auto delete over a number of days depending on what you set it to. However, if you decide to upgrade your entire system your hard drives will need to be destroyed as data can be recoverable long after it is deleted and removed from your system. This can be detrimental to your compliance with GDPR. I would recommend the use of data destruction services. Here at ‘Security in Shredding’ items received for destroying data are logged on our asset tracking software; our clients receive a comprehensive report during the invoicing stage in order for complete traceability. This will allow you peace of mind and keep your business at the highest standard of security and compliance.
Specialising in secure confidential document shredding services with a reputation for exceptional security, customer service. Delivering value for money and the utilisation of leading technology compliant to the highest security standards within the industry.