The General Data Protection Regulation (“GDPR”) has ushered in a new era of data protection and has revolutionized the way companies collect, use, and store data. As a company that values privacy highly, we have put together a series of blog posts outlining our commitment to data privacy and compliance with the GDPR. In this series of blog posts, we will evaluate video surveillance and security camera monitoring activities from a data privacy law perspective under the GDPR.
The General Data Protection Regulation of the European Union has been effective since May 25, 2018, and institutions have adopted it within the last few years. Companies have restructured their data security and privacy policies accordingly, and it has created a huge impact on the industry in terms of the best practices applied for individuals’ data rights.
Nowadays, security cameras and video surveillance systems, also known as CCTV or closed-circuit television, are being used in many workplaces and production facilities for the purpose of ensuring physical security, protecting the workplace, and ensuring occupational health and safety.
As it is known, the image of an individual is the information that makes the individual directly identifiable and is considered personal data. In this direction, video surveillance systems and security camera monitoring activities, which is one of the ways of processing images of people, are subject to the same rules and regulations as any other form of personal data processing and should be carried out in compliance with the GDPR.
💡 The GDPR applies when
i) data controllers and processors are located in the EU, whether or not the processing takes place in the EU;
ii) personal data of the data subjects residing in the EU are processed by non-EU data controllers or data processors for goods and service delivery activities, or for monitoring behavior taking place in the EU;
iii) the national law of an EU member state is applicable to the case.
Consequently, all providers of goods and services with a customer base in the EU shall realize their data processing activities pursuant to the GDPR.
In this series, we will explore the terms, concepts and requirements outlined in the GDPR regarding the processing of personal data through video surveillance. We will provide an overview of the law and its key definitions, as well as best practices for organizations looking to comply with the GDPR when using these technologies.
In the next post, our Head of Legal, Melih Yonet, will elaborate on the key definitions under the GDPR and how Intenseye handles these concepts.