VeriFi Surveillance & Security Data Compliance Support Service
GDPR Data Compliance Support Service
VeriFi provides a comprehensive end to end Data Compliance Support Service which includes a retrospective Data Privacy Impact Assessment (DPIA) of installed Surveillance & Security Systems, with the express purpose of revealing breaches of data protection legislation.
An annual assessment report provides a DPIA summary of non compliant issues found, this shows as a KPI that can be reset by the Facilities Manager when the issues have been resolved.
Any non compliance issues that remain outstanding after 60 days are brought to the attention of the FM and assistance given to achieve resolution.
Access to multiple site reports are available to management.
- Body Worn Cameras
- Electronic Access Control
- Front & Back of House Visitor Management
- Asset Management (Keys etc)
- Daily Occurrence Log
Scope of Service – the following is a précis of issues that are addressed and actions that are taken:
- Privacy – In the case of video surveillance (CCTV, ANPR, BWC, etc.) this means ensuring that cameras cannot view areas where people have a reasonable expectation of privacy. The viewing capability of each camera is assessed and any potential for privacy breach is flagged in the report.
- Keeping people informed – In the case of CCTV etc., public information signs must be installed informing that CCTV is in operation, its purpose and contact details where further information can be obtained. Any requirement for signage is reported and quoted for based on a format previously agreed with the client, this can include information about the premises available at www.datasubject.info
- Data Minimisation – The amount of data collected and its retention must be no more than actually required to achieve the purpose. The archive retention period of each system is assessed and reported on if judged to be excessive.
- Security – Data that is downloaded from a password protected source must be held and disseminated securely. A data viewing and release log is provided including serially numbered USB memory cards for data release Working Copies together with a 1Tb password protected portable hard drive for retention of Master Copies. Police, Insurers and Law firms are, increasingly, requiring that CCTV footage is transferred to them electronically, rather than as portable media such as DVD or USB memory stick, which can get lost and are not always easy to keep track of. Secure File Sharing is provided as a no cost SaaS option for manned sites that manage evidence download in house. In the case of unmanned sites VeriFi provide a chargeable evidence download service if required.
- Data Subject Access Request – Under data protection legislation individuals have the right to obtain confirmation, usually at no cost to themselves, that their data is being processed by the data controller and to receive copies of that personal data. In the case of security and surveillance systems this would typically be CCTV images or access control data. Assistance with subject access requests including limited redaction editing is provided within the annual service charge.
- Legitimate Interest Assessment – Under Article 6 of the GDPR it is the responsibility of the data controller to establish the lawful ground for each processing activity it (and it’s data processors) carries out. Legitimate interests relating to Surveillance & Security systems are common to commercial property in general. VeriFi assess on the basis of a generic LIA which can be edited to suit specific applications.
- Data Sharing Agreements – A data breach can occur when a data controller releases CCTV footage or access control without a formal data sharing agreement. VeriFi includes provision of a generic Data Sharing Agreement within the annual service charge. It is for the parties to take legal advice if there is any doubt as to it’s suitability. If this service is adopted, VeriFi will complete the generic document ready for signature on behalf of the disclosing data controller by it’s managing agent.
Helpline – Telephone helpline is open Monday to Friday 09:00 to 17:30 (excluding public holidays) and can be called on free phone 0800 028 7382. Advice is available by email at email@example.com outside of these times for matters of an urgent nature.
Secure File Sharing
Police, Insurers and Law firms are increasingly requiring that CCTV footage and other data is transferred to them electronically rather than physically in the form of portable media such as DVD or USB memory.
Release of data is the responsibility of the data controller or lead data processor and all too frequently the process falls far short of GDPR requirements.
The VeriFi EIDOS Secure File Sharing (SFS) software deals with all issues relating to viewing and release of data and we are rolling this out to all suitable sites in place of the current paper based system.
The cost of SFS is included in our annual service charge which remains unchanged. CCTV status check and Body Worn Camera management is also provided at no additional cost.
Full on-site training will be given and comprehensive support will be provided via firstname.lastname@example.org.
Evidence Download Service
For some time we have been aware that due to time pressures and unfamiliarity with the task, FM’s are using installers to download CCTV footage. This is particularly relevant to unmanned sites.
To coincide with the introduction of our Secure File Sharing service, we will be providing a CCTV Evidence Download Service in Greater London from 1st August 2021 whereby a member of the VeriFi team will visit site to carry out any required evidence download. We will advise of costs on a case by case basis.
- Evidence download is only a phone call away
- Attendance within 24 Hours
- Fully GDPR compliant
- Inclusive of Subject Right of Access request editing
- Managed data release approval
- Archive accessible by all approved stakeholders