GRA publishes CCTV guidelines after concerns over data protection
The Gibraltar Regulatory Authority yesterday published new guidelines for the correct use on CCTV systems after it found that “several CCTV operations in Gibraltar which do not comply with data protection laws” and “individual’s privacy is being unreasonably eroded”.
The Commissioner has found that there has been incidents of “unauthorised access to CCTV footage” such as staff snooping, and “unauthorised disclosure or leaks of CCTV footage”.
The document provides good practice guidance for those involved in operating CCTV and other surveillance camera devices.
This will help them to better understand their responsibilities and obligations with regards to data protection when using these systems, the GRA said in a statement issued to the press.
“The Commissioner first issued a guidance document in relation to CCTV in 2007,” the statement read.
“However, the expanded use and capability of CCTV systems since then has society wide implications and unless such systems are used with proper care and consideration, they can give rise to concerns that an individual's privacy is being unreasonably eroded.”
Some of the recommendations include limiting access controls to a limited number of people; no mobile phones or recording devices be allowed into the where CCTV footage is viewed; training individuals to with data protection training; and a disciplinary police to ensure they comply by the rules.
In addition, new rules have also been issued for Subject Access Requests after the Commissioner’s office has received a number of enquiries, and undertaken a number of investigations, on these.
The GRA said the document sets out key points that organisations need to be mindful of when handling subject access requests.
There will also be practical tips to assist organisations to ensure that they are compliant with data protection and GDPR laws when responding to these requests.
Both guidance notes are available on the data protection section of the GRA’s website – https://www.gra.gi/data-protection/general-data-protection-regulation.
The publication of guidance notes is part of the Commissioner’s efforts to promote data protection compliance and good practice, the GRA added.
For further information please contact the Commissioner’s office on +350 200 74636 or email: firstname.lastname@example.org.