The impact of GDPR on video surveillance
On May 25 2018, the deadline for the implementation of the European Union’s General Data Protection Regulations (GDPR) loomed large on the calendars of organizations collecting and processing the personal data of people living in the EU. While the significant penalties for breach of the regulations were well-publicized, to many the implications of GDPR on their organization were less clear, particularly when it comes down to what constituted personally identifiable data.
Most organizations were aware that GDPR applied to text-based data – name, email and physical addresses, etc. – but as was highlighted in a guest blog post last year, static and video images also represent personal information to which GDPR applies.
Unfortunately the very first fine for non-compliance was issued by the Austrian regulator for breach of GDPR – only four months after the regulation came into effect – was related to the use of video surveillance. Capturing the detailed images of passers-by and not having adequate signage resulted in a 4,800 euro fine.
Furthermore, it is estimated that more than 14,000 data breaches and 41,000 complaints from the public were filed in the UK alone, but no fines have yet been issued (unlike in France where Google was fined for $ 57m).
However, even if the headlines may sound scary, GDPR’s impact has been positive, in the sense that it has made both companies and end users aware of the value of their data, and of the necessity to protect them. As a result, companies are more clearly informing their customers of how they collect personal data, how and for what they use it and, critically, making it much easier for people to choose whether they are happy for their information to be gathered (by, for instance, better communication about the benefits of allowing the organization to process personal information).
When used ethically and responsibly, video surveillance is a positive force in creating a smarter, safer and more secure world. It is essential that these benefits become part of the communication around the use of video surveillance: that in informing people in any specific situation that they are being filmed, the benefits of that to their safety, security and experience are also clearly communicated. It’s also essential to inform people that though they might be under video surveillance, their privacy is a paramount consideration.
Over the coming months and years, we will see more stories of fines being imposed – large and more modest – for breaches of GDPR, and further examples of data loss and theft. While the latter highlights the never-ending importance of a rigorous approach to cybersecurity, the former shows that GDPR is being actively enforced; and enforcement of regulation shows its effectiveness. This in turn, means improved protection for personal data, which is good news for us all.
Read more about GDPR in our whitepaper.