Menu
Dealer
Resource Center

Workplace Surveillance and GDPR

Mandee Thomas
Apr 15, 2019 11:33:53 AM

The level of surveillance most people experience on a day-to-day basis is a growing concern for many individuals. As camera systems become more affordable and more prevalent, it isn’t uncommon for businesses to implement video monitoring within their buildings. In fact, 48% of companies report utilizing surveillance to deter violence, theft, and sabotage in the workplace.

If your business falls under EU General Data Protection Regulation (GDPR), there are some requirements you will need to meet in order to lawfully take video footage of your employees and the public.

Requirements for Businesses

As part of GDPR, businesses not only need to alert employees that surveillance cameras are in use around the office, but they also need to be able to provide a valid reason to have them at all. Acceptable reasons for surveillance can include protecting assets and ensuring employee wellbeing.

Having a legitimate reason for surveillance in an area isn’t enough, though. Employers need to effectively communicate to employees what parts of the workplace have cameras, and the legal reasons for surveillance in those areas. Employees have the right to protest against surveillance in certain areas if they feel that it isn’t necessary.

GDPR requirements extend beyond employees to protect the public as well. If a business captures footage of a member of the public, they are required to share the footage with them within 30 days, if they request it. When this footage is sent, other people’s faces have to be blurred out.

Storing Footage

Another limitation set by the GDPR is how footage is stored, and for how long. Any video feeds stored in the cloud must be carefully protected and the business must know the exact location where the footage is being stored.

In addition, videos can’t be stored indefinitely. Storing footage for up to thirty days is fine, but if a business wants to store video for longer than that, they will need to acquire special permission. To receive that permission, a legitimate reason must be given to explain why they need the footage for longer than thirty days. Additionally, a risk assessment will have to be conducted before approval is given.

Business Compliance

Meeting all the requirements of the GDPR can seem like a monumental task for a business—especially a small one. But, by asking a few simple questions, an employer can quickly make a plan to become compliant. Here are some questions you should ask:

  • Do you have notices displayed letting your employees know that they are being filmed?
  • What data are you collecting and why?
  • What security measures do you have in place to protect the date you capture?
  • How long are you storing footage and why?
  • Do you have a plan in place for providing footage employees or members of the public?
  • Do you have a plan of action for the event of a breach?

If a business does not comply with GDPR standards for workplace surveillance, they could face fines of up to 2% of their annual revenue. And if there is a breach, the fines can be as high as 4%; a costly mistake indeed.

Protections in the US

While no laws are currently in place in the United States (on a federal level) that prohibits a business from monitoring its employees, it’s still worthwhile to review the questions above and see where improvements could be made. After all, in many cases, these issues not only beg legal questions, but moral ones as well. 

A few states, though, already have protections in place regarding surveillance in the workplace—particularly when it comes to private spaces and areas where union meetings might take place.

What You Can Do

As a dealer, it would be beneficial to educate subscribers about best practices for surveillance in the workplace. Not only is it good for a company to be transparent with its employees, but there is always the potential for similar laws regarding workplace privacy to be passed in the US.

Considering the concern surrounding privacy breaches and personal data protections, safeguarding employees and the general public is definitely on congress’s radar, and it would be much better to have good surveillance practices in place now, rather than have to rush to meet compliance later on.

Get Weekly Updates About More Stories Like This:

You May Also Like

These Stories on News

No Comments Yet

Let us know what you think