Data controllers should be aware that footage or images containing identifiable individuals captured by CCTV systems are personal data for the purposes of data protection law. Where processes are used to obscure or de-identify individuals from CCTV footage, the footage or images are still considered personal data if it is possible to re-identify the individuals. Further, if footage or images are initially captured in an identifiable form and then irreversibly de-identified, data protection law will still cover the processing up to the point of anonymisation. Before installing a CCTV system, potential data controllers should consider the following questions. These issues, and others, are expanded upon in more detail in the guidelines available at: https://arc-rec-project.eu/wp-content/uploads/2022/02/ARC-CCTV-Guidance-Data-Controllers.pdf.
Recent Posts
- Final event in ARC2 project for SMEs: Meet Olivia, your GDPR compliance assistant
- Invitation to a free webinar “Principles of personal data processing”, August 22, 2024.
- ARC 2 international conference”Risks and GDPR Compliance in the Age of Artificial Intelligence”
- Data Protection Day 2024: presenting ARC2 Olivia web tool and discussing AI
- Olivia web tool-validation workshop for Italian SMEs on December 14, 2023