The GDPR applies to the processing of personal data by controllers and processors in the EU, regardless of whether the processing takes place in the EU or not. The GDPR also applies to the processing of personal data of individuals in the EU by a controller or processor established outside the EU, where those processing activities relate to offering goods or services to EU citizens or the monitoring of their behaviour.

Where images of parties other than the requesting data subject appear on the CCTV footage the data controller needs to consider, on a case-by-case basis, whether the release of the unedited footage ‘adversely affects’ the rights or freedoms of the third parties, such as their data protection rights, trade secrets, or intellectual property rights such as copyright.

 

The controller needs to conduct a balancing test between the right of the data subject (requester) to access his or her personal data as against the identified risk to the third party that may be brought about by the disclosure of the footage.

 

The GDPR notes that these considerations should not result simply in a refusal to provide all relevant information to the data subject. Where necessary, measures may include pixelating or otherwise de-identifing the images of other identifiable parties before supplying a copy of the footage from the footage to the requester. Alternatively, the data controller may seek the consent of those other parties whose images appear in the footage to release an unedited copy containing their images to the requester.

Guidance on the Use of CCTV For Data Controllers

What the Document Contains:

- CCTV Checklist

- Recommended Data Protection Policy

- Purpose of Utilising CCTV

- Lawfulness of Processing

- Necessity and Proportionality

- Transparency and Accountability

- Security of Personal Data

- Data Protection By Design& By Default

- Data Processors

- Retention of Personal Data

- CCTV in the Workplace

- Disclosure of CCTV to Third Parties

- Provide Access to CCTV to Data Subjects

- Covert Surveillance

- Facial Recognition and Biometric Data

DUBLIN OFFICE

Unit 6
Redcow Interchange Estate,
Ballymount Rd,
D22 TR50
Tel: 01-2995780
Email: paul@mercurysd.ie

CORK OFFICE

Unit 22
Southside Industrial Estate,
Togher
Cork
T12Y2ET
Tel: 021-4809900

Copyright Mercury SD 2020