Install a Secure And GDPR-Compliant Video Surveillance System

GDPR-Compliant Video Surveillance System

video surveillance system, Modern video technology provides us with hardware and software, unthinkable until a few years ago; the web represents the banalest example that immediately comes to mind, that is to say, the possibility of connecting in real-time, via the App, to a video surveillance system, perhaps integrated with an intrusion or access control security system.

Why video surveillance

Both in the private sector and in the commercial/industrial sector, video surveillance is increasingly used for at least two fundamental needs: to check that illegal intrusion does not occur or to try to prevent any thefts. Now, in some cases, the reasoning may be correct; however, it can become risky to make it a “rule,” convincing oneself that a CCTV system is really capable of preventing a crime! Rather, it is an excellent technological aid a posteriori to document the crime’s perpetration, facilitating the judicial authority’s investigations.

Pills of professionalism

Having said that, let’s move on to the administration of some interesting pills, certainly useful to any good professional in the sector, installer or designer who is, in supporting the client in his choices, for which he is also responsible as the data controller.

Technical standards

We always remember that there are sector technical standards EN 62676-x, a family of reference technical prescriptions for video surveillance systems, which govern from general system requirements up to transmission protocols, such as the methods of measuring the performance of recent cameras publication.

It is also worth remembering that intrusion alarm, access control, and video surveillance systems fall within the scope of both Law No. 186/1968 and the more recent Ministerial Decree No. 37/2008 and, as such, are subject to the other, the obligation of design and construction following the rules of the art, and of the relative certification of conformity.

Other Standards 

But even more, substantial complementary legislation looms over this sector: ranging from the Regulation (GDPR EU 2016/679) on the processing and security of personal data to the Workers’ Statute (Law No. 300/1970 and Legislative Decree No. ° 151/2015), from the Guidelines No. 3/2019 of the EDPB to the Provision of the Guarantor of 08/04/2010, from the INL Circular No. 5/2018 to that of 16 April 2012 issued by the Ministry of Labor containing useful simplifying indications the issuing of authorizations for video surveillance.

In light of this, it is clear that when we create a security system, the choice of the correct video surveillance solution requires a careful analysis of the risks and context (art.35 GDPR) because installing the various hardware devices is definitely the job. More interesting than configuring everything, making it compliant with the GDPR represents a decidedly more complex operation.

Area geometry

A video surveillance system must be designed starting by taking into account the geometry of the areas to be controlled in order to use the least number of cameras – the principle of proportionality and not excess – in the protected layout, always allowing the observation of each individual—space from different angles.

Beware of the images.

Hardware solutions (power supplies, ups, HDD, cameras, cabling, etc.) and software (compression algorithms, firewalls, apps, etc.) of certain reliability and functioning must be carefully chosen right from the design stage (art.25 by design and by default). Guaranteed so as not to run the risk of losing, or worse still, damaging and/or deleting the video data; This is because the images collected are by law considered personal data, and as such, their treatment follows very specific rules (articles 4 and 5). 

Therefore, the video information collected is real digital documents and, as such, must be adequately protected with security measures appropriate to the level of risk exposed (Article 32); therefore, always pay attention to the use of cameras with data memory on the machine (removable micro SD), while for the DVR / NVR we use the appropriate cabinets with the right passive protection, positioning them in suitable and reserved places.

Oh, I forgot: lose the damn habit of installing monitors for public viewing, which is strictly forbidden because it represents “illegal processing of personal data”!

Also Read : Logical And Physical Security: Two Sides Of The Same Coin

Tech Today Post is an online international journal for all the latest technology news & updates. We also write about Digital Marketing, Business, Software and Gadgets.

Leave a Reply

Your email address will not be published.

Back To Top