VeriFi EIDOS

UK GDPR Data Compliance Support Service

Scope of VeriFi GDPR Support

Our role is to provide practical guidance, management systems, procedures, site assessment and assistance relating to the use of surveillance and security technology. We work with clients and their legal advisors to achieve compliance with the UK GDPR and mitigate the risk of infringement.

We provide an unrivalled GDPR Data Compliance Support Service in relation to surveillance and security technology, based on a competitive annual service service charge that covers:-

  • Help desk support throughout the year.
  • Data Subject Access Request (DSAR) management and video redaction editing.
  • Secure File Sharing software, training and support. Secure File Sharing (SFS) takes the place of DVDs which are rapidly becoming redundant technology. SFS enables electronic dissemination of video footage direct to applicants rather than the inconvenient and insecure transfer of physical media. It provides a highly secure paper free audit trail and unlimited usage. Where SFS cannot be supported due to a lack of internet connectivity we provide an initial stock of USB memory cards for evidence download and handover on a no charge basis. Subsequent supplies may be chargeable subject to demand.
  • Third party data subject access request documentation which, in conjunction with our secure file sharing software, enables electronic dissemination of video footage to insurers and law firms.
  • Annual site visits to undertake systems assessment and audit of management processes.

Signage

We provide a review of public information CCTV signage, mapping location supported by photographs and stating size and type required. We do not include the cost of signs although we will be pleased to quote for supply only, or liaise with your preferred sign company. 

As you are probably aware CCTV signs must provide information about the purpose of the CCTV and contact details where further information about the scheme can be sourced.

As an alternative, you might consider our managed service which allows you to include our datasubject.info website address and site reference on the sign. Enabling access to all of the data controller’s relevant information and allowing the individual to make a subject access request if required.

Data Compliance

The following is a précis of issues that are addressed and actions that are taken in relation to all surveillance and security systems that process personal data. Such as; CCTV – ANPR – Biometric Technology – Persons of Interest – Voice Recording – Electronic Access Control – Visitor Logging – Asset Register – Lost Property Register – Accident Register and Security Management Documentation.

Data Privacy Impact Assessment

In brief; a Data Privacy Impact Assessment (DPIA) is a process to help identify and minimise the data protection risks of a project before committing to it. In the case of CCTV installed prior to instructing us, the privacy impact assessment we carry out relates to data capture and processing and does not attempt to retrospectively justify use of the technology 

Privacy

In the case of video surveillance (CCTV, ANPR, BWC, etc.) this means ensuring that cameras cannot view areas where people have a reasonable expectation of privacy. 

The viewing capability of each camera is assessed and any potential for privacy breach is flagged in the report.

Data Minimisation

The amount of data collected and its retention must be no more than reasonably required to achieve the purpose. 

The archive retention period of each system is assessed and reported on if judged to be excessive. 

Keeping People Informed

In the case of CCTV etc., public information signs must be installed informing that CCTV is in operation, its purpose and contact details where further information can be obtained. 

Any requirement for signage is reported and quoted for based on a format previously agreed with the client. This can include information about the premises available at www.datasubject.info. 

Legitimate Interest Assessment

If a data controller relies upon the legitimate interest lawful basis for processing personal data, then the UK data protection regulator (the ICO) expects the controller to have conducted a Legitimate Interest Assessment (LIA). Only if the LIA concludes that the data subjects’ rights aren’t overridden by the controller’s legitimate interest will the processing be lawful. 

The legitimate interest lawful basis is commonly relied upon for surveillance and security systems operated at commercial properties. 

VeriFi provides a template LIA which can be edited by the client to suit specific applications.

Data Subject Access Requests

Under data protection legislation individuals have the right to obtain information, usually at no cost to themselves, about how their data is being processed by the data controller. They can also receive copies of that personal data. In the case of security and surveillance systems this would typically be CCTV images or access control data. 

VeriFi provides industry-specific assistance for complying with DSARs. A limited redaction editing service is included within VeriFi’s annual service charge. 

Data Sharing

A data breach can occur when a data controller releases CCTV footage or access control records without a formal process. 

In order to enable the release of data to insurers and legal representatives acting on behalf of individuals whose data has been recorded, VeriFi includes access to a Third Party Subject Access Request Form within the annual service charge. VeriFi provides detailed advice on how to implement a data sharing procedure which minimises the risk of unlawful disclosures.

Security

Security – Data that is downloaded from a password protected source must be held and disseminated securely. 

A data viewing and release log is provided as part of VeriFi’s annual service charge. It includes serially numbered USB memory cards for data release working copies, together with a 1Tb password protected portable hard drive or dedicated USB archive memory card, for retention of master copies. Police, insurers and law firms are, increasingly, requiring that CCTV footage is transferred to them electronically rather than as portable media such as DVD or USB memory stick, which can get lost and are not always easy to keep track of. Secure File Sharing is provided as a no cost SaaS option for manned sites that manage evidence download in house. In the case of unmanned sites VeriFi provide a chargeable evidence download service if required. 

Helpline

Telephone helpline support is available Monday to Friday 09:00 to 17:30 (excluding public holidays) and can be called on free phone number 0800 028 7382. Advice is also available by email at info@verifi-eidos.co.uk outside of these times for matters of an urgent nature. 

Data Viewing & Evidence Release Pack

Illustration is indicative of type of content contained in packs A,B & C 

Pack A

This pack is supplied free of charge, for use on larger sites typically office premises with more than 20 CCTV cameras installed.

Contents

  1. Custom box with hinged lid, magnetic catch & foam insert with cut-outs.
  2. USB ‘Blank Off’ with instructions.
  3. 1Tb Encrypted Hard Drive with keypad access.
  4. 4 x 32Gb Serially numbered USB Memory Cards with Security Seals.
  5. Data Viewing & Release Documentation including Data Subject Access Request Forms.
  6. Instructions & Guidance Booklet. 

Pack B

This pack is supplied free of charge, for use on small sites typically office premises with fewer than 20 CCTV cameras installed.

Contents

  1. Custom box with hinged lid, magnetic catch & foam insert with cut-outs.
  2. USB ‘Blank Off’ with instructions.
  3. 3 x Blue 32Gb Serially numbered USB Memory Cards with Security Seals. For evidence download. 
  4. 1 x Red 64Gb Serially numbered USB Memory Card. For storing archive copies of evidence. 
  5. Data Viewing & Release Documentation including Data Subject Access Request Forms.
  6. Instructions & Guidance Booklet. 

Pack C

This pack is supplied free of charge, for use on large sites typically shopping malls and major office developments with more than 50 CCTV cameras installed.

Contents

  1. Custom box with hinged lid, magnetic catch & foam insert with cut-outs.
  2. USB ‘Blank Off’ with instructions.
  3. 8 x Blue 32Gb Serially numbered USB Memory Cards with Security Seals. For evidence download. 
  4. Data Viewing & Release Documentation including Data Subject Access Request Forms. 

Pack D

This pack is chargeable and supplied where USB memory cards from packs A, B & C been used up.

Contents

  1. 8 x Blue 32Gb Serially numbered USB Memory Cards with Security Seals. For evidence download. 
  2. Data Viewing & Release Documentation including Data Subject Access Request Forms. 

This website uses cookies to ensure you get the best experience on our website.