4 minute read
Installations and regulations
INSIDE STORY
Are your installations GDPR compliant?
Advertisement
Don’t think that the only part of your business that relates to GDPR compliance is your customer database, the information captured by cameras is also included in the regulation
The Data Protection Act 2018 was the UK's implementation of the General Data Protection Regulation (GDPR). From then everyone responsible for using personal data has to follow strict rules called 'data protection principles'. They must make sure the information is: used fairly, lawfully and transparently.
Back in October 2021 the application of GDPR with electronic security technology came to the fore when a judge ruled that security cameras and a Ring doorbell installed by an Oxfordshire homeowner "unjustifiably invaded" the privacy of his neighbour and ultimately broke data laws and contributed to harassment. Even though the devices were installed in good faith as a deterrent against burglars the homeowner faced a hefty fine by failing to take into consideration that he was capturing the movements of people visiting his neighbour plus he a had a considerable view into their back garden via the Wi-Fi camera fitted to his shed.
If this didn’t have alarm bells ringing for security installers then it should have because, up until that point, GDPR had the image of only relating to the handling of databases and personal information gathered during business transactions. The fact that it also relates to the data gathered by surveillance systems and video doorbells was news to many.
Protection and privacy
A new service called GDPR-safe was launched recently offering to take care of security technology-related data handling concerns with a policy pack to cover end users/CCTV operators who have had a CCTV system or video doorbell installed, to help all parties meet their legal obligations. This includes giving consideration to the privacy rights of neighbours, customers and members of the public.
Each Policy Pack features a unique QR code, which the installer scans before leaving the pack with the customer. This process links the Pack with the installer’s account. Every year that the customer renews their policy, the installer receives commission as credit with their distributor. To make things even simpler GDPR Safe handles the renewals process behind the scenes.
To find out more about how the system works and why installers need to be thinking about the regulations and CCTV, we spoke to Adam Read of GDPR Safe:
How widespread do you think noncompliance might be with UK CCTV? Very. Compliance is actually pretty complicated – it’s not as simple as erecting some signage and leaving it at that. It’s an ongoing effort, not a one-off exercise. However, if we were to look simply at those installs that fall at that first hurdle, it’s clear to see that the vast majority of installations are not compliant.
Is the service aimed at all CCTV installations or just domestic sites? We cater for both commercial and domestic CCTV operators, with specific policy documents to cover the areas that are unique to each setting. Domestic policies cover traditional CCTV and video doorbells. Commercial policies cover more advanced systems, including ANPR, facial recognition and covert surveillance usage.
INSIDE STORY
(continued from page 43)
Click here for more information:
Can the service be applied to existing customer contracts? Absolutely. As an installer myself, I’ve found that maintenance visits are a great opportunity to introduce customers to the service. We’ve also had a lot more interest from domestic customers following the news coverage of recent legal rulings.
Whose responsibility is it to ensure installations are GDPR compliant? The law places the ultimate responsibility for compliance on the data controller(s). A data controller is someone who exercises “overall control over the purposes and means of the processing of personal data”. In practice, this usually means whoever made the decision to install CCTV on their property – such as a home owner or business. What happens if a site is not compliant? The Information Commissioner has substantial powers to fine data controllers that fail to meet their legal obligations. Civil claims for compensation may also be made by individuals who claim that their rights haven’t been respected.
How do installers earn from the service? Our policy packs can be sold at a healthy margin during installation or maintenance activities – but they also provide a recurring revenue opportunity. Policies are renewable each year, with installers eligible to receive up to 50% commission as credit to spend with their distributor.
What support do you offer for installers in getting to grips with the service? We’re not finding that they need much support! We’ve designed the service to be as simple for installers as possible - it’s simpler than setting up a Facebook account. We’re only a phone call or an email away for those that do need assistance, though.
