Andrew Charlesworth, Reader in IT Law from the University of Bristol, warns in a white paper he wrote for Cloudview that small businesses might not be compliant with GDPR, because they do not realise that the regulations cover the pictures collected by CCTV.
In 2017, a Scottish householder had to pay a fine of £17,000 for recording a neighbour on CCTV without permission. According to Charlesworth, the judge ruled that the onus was on those who set up a surveillance system to be aware of both the impact of CCTV on an individual’s privacy and of the law. The law is about to change. Under GDPR, courts will consider how the data is stored and potential fines can be as high as €20 million or 4% of turnover, whichever is larger.
Whilst estimates vary, Cloudview believe that there are approximately 8.2 million CCTV surveillance devices in Britain. Many of these are owned by small businesses and in six months’ time they will all have to obey the new regulations.
Regular maintenance checks and a need to ensure that data is held securely, are requirements of GDPR, which small businesses may not see as a priority. Charlesworth believes that whilst from May all owners of surveillance systems will have to assess and update their compliance controls, there is also an opportunity to improve the image of CCTV as a respected service.
James Wickes, CEO of Cloudview, agrees with Charlesworth. He thinks that whilst small businesses need to understand that the regulations apply to all organisations that use CCTV, regardless of size, the available technology can ensure that businesses comply with the new rules and improve both access to data and security.