UK GDPR Data Compliance Support Service
Providing Practical Guidance & Mitigating the Risk of Infringement
Our unrivalled GDPR Data Compliance Support Service provides practical guidance, management systems and procedures relating to the use of surveillance and security technology enabling you to achieve GDPR compliance.
The service mitigates the risk of infringement, the consequences of which are substantial fines levied by the ICO as well as potential harm to your organisation’s reputation.
Scope of Service
The service is based on a competitive annual service charge that covers:
Annual site visits to undertake systems assessment and audit of management processes covering CCTV and, if applicable, Body Worn Cameras, Electronic Access Control, Visitor Management Systems and Key/Asset Registers
Help desk support throughout the year.
Data Viewing & Evidence Download Pack. Containing USB memory cards and Data Viewing & Release documentation. Refills supplied on an annual basis during the site visit.
Secure File Sharing software, training and support. This enables electronic dissemination of data such as video footage direct to applicants, rather than the inconvenient and insecure transfer of physical media.
CCTV Check software for diarising regular system checks with automated fault reporting.
Data Sharing Agreements. (Required if sharing data such as access control with your occupiers/tenants.)
Data Subject Access Request management. In the event of an individual making a request for CCTV footage, you will need to ensure that third parties’ identities are masked. As part of the service we include 10 minutes’ worth of video redaction editing.
Why do I need to be GDPR Compliant?
As an organisation operating in the UK, it is important to comply with the General Data Protection Regulation (GDPR) for a number of reasons. The GDPR is a regulation that was introduced in the European Union (EU) in May 2018, and it governs the collection, processing, and storage of personal data for EU citizens, including those residing in the UK.
Firstly, compliance with GDPR is a legal requirement for organisations that process personal data of EU citizens, regardless of where the organisation is based. Failure to comply with GDPR can result in hefty fines and penalties, which can have significant financial implications for your business.
Secondly, complying with GDPR can help to build trust and confidence among your customers and clients. By demonstrating that you take data protection seriously, you can show that you are committed to protecting their personal information and safeguarding their privacy.
Finally, GDPR compliance can also help to improve the overall security of your organisation’s data. By implementing GDPR-compliant policies and procedures, you can help to identify and address potential data security risks, and minimise the likelihood of a data breach occurring.
In summary, compliance with GDPR is essential for any organisation that processes personal data of EU citizens, including those residing in the UK. Failure to comply can result in legal and financial penalties, as well as damage to your reputation and loss of customer trust.
Annual Site Visit
Privacy
Data Minimisation
Secure File Sharing & CCTV Check Software
Keeping People Informed
Data Subject Access Requests
Documentation & Media
Data Privacy Impact Assessment
Data Sharing Agreements
Legitimate Interest Assessment
Data Viewing & Evidence Release Pack
As part of the service a Data Viewing & Evidence Release Pack will be provided to ensure your data is managed correctly.
Pack A
This pack is supplied free of charge, for use on larger sites, typically office premises with more than 20 CCTV cameras installed.
Contents
Custom box with foam insert & cut-outs.
USB ‘Blank Off’ with instructions.
1Tb Encrypted Hard Drive with keypad access.
4 x 32Gb Serially numbered USB Memory Cards with Security Seals.
Data Viewing & Release Documentation including Data Subject Access Request Forms.
Instructions & Guidance Booklet.
Pack B
This pack is supplied free of charge, for use on larger sites, typically office premises with more than 20 CCTV cameras installed.
Contents
Custom box with foam insert & cut-outs.
USB ‘Blank Off’ with instructions.
3 x Blue 32Gb Serially numbered USB Memory Cards with Security Seals. For evidence download.
1 x Red 64Gb Serially numbered USB Memory Card. For storing archive copies of evidence.
Data Viewing & Release Documentation including Data Subject Access Request Forms.
Instructions & Guidance Booklet.
Pack C
This pack is supplied free of charge, for use on large sites, typically shopping malls and major office developments with more than 50 CCTV cameras installed.
Contents
Custom box with foam insert & cut-outs.
USB ‘Blank Off’ with instructions.
8 x Blue 32Gb Serially numbered USB Memory Cards with Security Seals. For evidence download.
Data Viewing & Release Documentation including Data Subject Access Request Forms.
Pack D
This pack is chargeable and supplied where USB memory cards from packs A, B & C have been used up.
Contents
8 x Blue 32Gb Serially numbered USB Memory Cards with Security Seals. For evidence download.
Data Viewing & Release Documentation including Data Subject Access Request Forms.
GDPR Enforcement Penalties
The Information Commissioner’s Office (ICO) is the UK’s independent regulator for data protection, and it is responsible for enforcing the General Data Protection Regulation (GDPR) in the UK. The ICO has the power to issue fines and other sanctions for non-compliance with GDPR, which can be significant.
Since the introduction of GDPR in May 2018, the ICO has issued a number of fines to organisations in the UK for breaches of GDPR. These fines have ranged from tens of thousands of pounds to millions of pounds, depending on the severity of the breach and the size of the organisation.
One notable example is the ICO’s £20 million fine issued to British Airways in 2020, following a data breach that resulted in the theft of personal data of over 400,000 customers. The ICO found that British Airways had failed to implement adequate security measures to protect the personal data of its customers, and had also failed to detect the breach in a timely manner.
Another high-profile case was the ICO’s £18.4 million fine issued to Marriott International in 2019, following a data breach that affected the personal data of around 339 million guests worldwide. The ICO found that Marriott had failed to conduct sufficient due diligence when it acquired Starwood Hotels and Resorts, and had also failed to put appropriate security measures in place to protect the personal data of its guests.
It is worth noting that fines are not the only sanction that the ICO can impose for non-compliance with GDPR. The ICO can also issue enforcement notices, order organisations to stop processing personal data, and even prosecute individuals and organisations for serious breaches of GDPR.
In summary, the ICO has the power to issue significant fines and other sanctions for non-compliance with GDPR in the UK. Organisations must take GDPR compliance seriously, and implement appropriate measures to protect the personal data of individuals in their care. Failure to do so can result in severe financial and reputational consequences.
The Dutch Data Protection Authority has levied a €725,000 (roughly US$791,000) fine against a company for scanning its employees’ biometrics with a fingerprint time and attendance system. The Autoriteit Persoonsgegevens ruled that the company did not establish the exceptional grounds for the system’s implementation which would have provided a legal basis for its use.