VeriFi provide a comprehensive compliance service throughout the UK for organisations responsible for operating CCTV, Automatic Number Plate Recognition & Electronic Access Control Systems.
To discuss your requirements call 020 36 330235
The EU General Data Protection Regulation will be adopted by the UK irrespective of BREXIT and it becomes enforceable in May 2018.
The Information Commissioners Office has revealed that it will be publishing GDPR compliance guidance in stages over the next few months. We will review processes and procedures relating to building services (CCTV Access Control etc.) and keep subscribers to our newsletter informed as this guidance is issued.
The service is provided on an annual contract and delivered by our in house team of specialists and includes the following:
For serious and persistent Data Protection Act breaches the Information Commissioner has the power to levy penalties up to £500,000. The size of penalty imposed in the case of miss-management of CCTV is a matter for conjecture, however damage caused by sensational media attention may have a far bigger impact on you organisations reputation.
This Q&A has been compiled with the intent of clarifying responsibilities and relationships as they apply in the case of commercial premises managed by a Landlord or Managing Agent.
WHO IS RESPONSIBLE FOR DPA COMPLIANCE?
Data Controller (Landlord/Managing Agent) has the ultimate legal responsibility to ensure DPA compliance and register with the Information Commissioners Office (ICO) and provide a Data Policy for the guidance of stakeholder’s.
Data Controller for the Site (FM or RFM) an employee of the Data Controller responsible for implementation of the Data Policy and management of the various data systems on a day to day basis if the site does not have a Data Processor.
Data Processor (Security Operative) an employee of the Security Service Provider subordinate to the Data Controller for the Site and responsible for the day to day management of the various data systems.
Auditor an independent individual/organisation appointed by the data controller responsible for audit of management process and assessment of system efficacy and privacy impact assessment.
DOES DATA PROTECTION ACT COMPLIANCE RELATE ONLY TO CCTV?
No this is a common misconception; any data processing that can identify an individual and tell you about their activity comes under the Act, in Security / FM applications this includes; Photo ID Badge production, Electronic Access Control, Automatic Number Plate Recognition, Voice Recording, Body Worn Cameras, Surveillance Drones and use Mobile Phone Data. If any of these systems are employed the Data Policy must include reference to them.
TENANTS OF MULTI-TENANTED COMMERCIAL PREMISES OFTEN ASK FOR COPIES OF CCTV RECORDINGS AND ACCESS CONTROL DATA, SHOULD WE COMPLY WITH THESE REQUESTS?
Not without sanction from the Data Controller, who should have a formal Data Sharing Agreement in place with the Tenant who must be correctly registered with the Information Commissioners Office.
IS THERE A LEGAL REQUIREMENT THAT AN ANNUAL AUDIT & ASSESSMENT MUST BE CARRIED OUT?
Any legal requirement is on the Data Controller, to ensure that CCTV and the various other systems are compliant with the Data Protection Act. It is therefore important that an annual review of management processes, systems capability and data policy is carried out. To ensure unbiased reporting it is important that an independent organisation is appointed to carry out this review.
WHAT DPA REQUIREMENTS SHOULD BE INCLUDED IN THE SECURITY SERVICE PROVIDERS ASSIGNMENT INSTRUCTIONS?
The primary point of reference should be the Data Controllers Data Policy although it is good practice to include a précis of the operational aspects in the Assignment Instructions for the guidance of the security team.
The Cloud Based alternative to security related paper records.
AUDIT & ASSESSMENT
A comprehensive Audit service that includes CCTV, EACS, ANPR & Voice Recording.
DOCUMENTATION & MEDIA
A range of CCTV Compliance Products that provide practical solutions to CCTV management.
A service that ensures DPA compliance when issuing recordings to subjects requesting CCTV.
We have led the UK CCTV compliance market since 1998 and from the early days of VHS tape based recording our continuing evolution has kept pace with the demands of a fast moving industry.
Whilst we continue to deliver the best in traditional paper based compliance documentation, we took the lead in developing a Cloud based audit and assessment service in 2010 which we now deliver throughout the UK.
Since then we have gone on to develop a unique package enabling Landlords to share CCTV & EACS images and data with tenants whilst complying with Data Protection Act legislation.
A natural progression led us to grow a multi discipline Cloud based Facilities Management Support tool badged as VeriFi Eidos, although we are pleased to develop bespoke solutions to run on the clients own server.
The combination of our innovative approach and the power of the Cloud to deliver everywhere in real time is best illustrated by our bringing the Daily Occurrence Book and Operator Logging into the 21st century. What was a paper based record kept by the security team is now an instantly accessible record of daily activity, available on a need to know basis, to those involved in the management of a single building or extensive property portfolio.
The scope of our services will continue to grow and develop, we don't have all the answers, but only because some questions are still waiting to be asked.
Finance & Admin Director