A comprehensive Data Protection Impact Assessment - DPIA for security systems that capture and process personal data.
Do you operate CCTV or Video Surveillance system, Body Worn Camera (BWC) Automatic Number Plate Recognition – ANPR, Electronic Access Control Sytem – EACS or are planning to install or upgrade such a system?
Are you compliant or confused about your legal responsibilities?
We can help save your organisation avoid a fine & loss of reputation that could be imposed by the Information Commissioners Office – ICO under the EU General Data Protection Regulation is in force penalties of up to 4% of global turnover or 20 million euro are possible.
Televigil Security & Compliance consultants, provide guidance and consultancy services, policy and procedures documentation and evidential media to help ensure compliance with the Surveillance Camera Commissioners Code of Practice and “Code Compliant” operators’ scheme.
Here is what we can do, to help you
- We will carry out a comprehensive Data Protection Impact Assessment – DPIA of your existing or proposed security surveillance system. This may be a mandatory requirement for your organisation to comply with the Data Protection Act 2018 and the GDPR.
- We review your ICO Registration provide guidance and consultancy services, policy and procedures documentation define responsibilities of Data Controller and Data Processors, provide evidential media to ensure compliance with the Surveillance Camera Commissioners Code of Practice and current Data Privacy legislation.
- We produce a site specific Audit Report and Policy Document which covers all aspects of operating your surveillance systems with a view to ensuring compliance with Data Protection Act (DPA) 2018 the GDPR and Freedom of Information Act 2012, Protection of Freedom Act 2012 (POFA) if appropriate for surveillance systems that monitor public spaces.
- We complete a compliance and conformity assessment of the system performance measured against the existing Operational Requirement (OR) or we write an OR to meet with the minimum BS EN 62676 Standards for CCTV and Video Surveillance systems as may be required, we record detail of all system components creating an asset register presented as Excel spreadsheets which RAG rates (Red/Amber/Green) devices for conformity with recommendations which you can take ownership of and action.
- We carry out a compliance and conformity audit of system management and operations for conformity with BS 7958:2015 CCTV Management and operations code of practice and make recommendations if appropriate.
- We include an Executive summary report which will include any non-compliance issues and gap analysis for you and make recommendations for improved system performance which can be followed up as part of a managed service to ensure compliance is achieved and maintained.
- We provide Data Protection compliance awareness training, supply and instruction on the use of DPA/GDPR compliant management documentation and evidential copying media to the clients’ nominated staff.
- We can manage complaints and Data Subject Access Requests (DSAR) on your behalf and also provide a video redaction service if required.
- If you operate a CCTV or Video Surveillance System that is able to view and monitor public space then you will need to be aware and demonstrate compliance with the General Data Protection Regulation -GDPR and following current UK legislation:
- The Information Commissioners Office (ICO) has imposed financial penalties on organisations for not complying with the Data Protection Act 2018 (DPA) and the GDPR. Other legislation is in place: Human Rights Act 1998 (HRA), Freedom of Information Act 2000 (FIA) and Protection of Freedom Act 2012 (POFA) which relate to operating some Video Surveillance Systems (VSS) and Closed Circuit TeleVision (CCTV) systems.
- National Surveillance Camera Strategy for England and Wales.
- National Strategy for CCTV Public Space in Scotland
- BS EN 62676 – Guidance for CCTV/Video surveillance operators about grading and other important matters.
- Standards for CCTV Installers, service providers and manufacturers.
- Guidance for in-house monitoring centres.
- Compliance with the DPA 2018, the GDPR, FOIA and POFA are a mandatory legal requirement for all organisations that use and operate CCTV systems for surveillance of people in public space.
- When installing or operating video surveillance or CCTV, the ICO must be notified and the system operated in accordance with the ICO CCTV Codes of Practice 2017 to ensure compliance with the DPA and POFA or you may consider voluntary adoption of the Surveillance Camera Commissioners Code of Practice. Often recorded evidence that was considered reliable does not comply with legislation and may be challenged within a court of law. Potentially a damaging and costly mistake which could have been easily prevented
Televigil promote and encourage our clients to adopt the Home Office Surveillance Camera Commissioners “Code Compliant” operators scheme:
Any organisation that successfully achieves certification will be awarded a certificate of compliance from the Surveillance Camera Commissioner and will be able to make use of the Commissioner’s certification mark on their website and other communications to indicate they comply with the Code. This will go a long way to reassure members of the public and other organisations that your organisation is complying with the Code and use surveillance camera systems and information gathered from them in the appropriate manner. In addition a list of organisations achieving certification will be published on the Commissioner’s website.
We will work with you, provide an initial consultation, system performance assessment and audit of your operation and management to establish what level of service is required based on the undertaking of a Self Assessment tool to gain an understanding of what measures you need to consider before applying for scheme certification. Please be aware that the Passport to Compliance does not offer full guidance on BS 7958:2015 CCTV Management and operations code of practice, which with our assistance and documentation, we can provide to demonstrate compliance with the DPA 2018 and the GDPR and help ensure compliance.
The following advisory documentation published by the Surveillance Camera Commissioner will give you an idea of what level of information and commitment that will be required:
So why choose Compliance-Plus?
Compliance-Plus is the leading system assessment and data protection operational management compliance service, delivered by a network of Independent Professional Security Advisers who will help you comply with the current legislation. We have assisted organistions gain Third Party Certification and become “Code Compliant operators under the Surveillance Camera Commissioner Code of Practice and Compliant Operators scheme.
The following services and product may form part of a compliance audit service:
- Correct Notification to the ICO, and Defining Responsibilities of Data Controller and Data Processor ensuring compliance. You can Check ICO registration here https://ico.org.uk/for-organisations/register/
- Creation of a Policy Document tailored to cover all aspects of operating CCTV, ANPR, Unmanned Aerial Vehicles, Electronic Access Control and Visitor Management Systems with a view to promoting and ensuring compliance. within your organisation.
- Supply of a Digital Evidence System – DES and management documentation which is required to ensure compliance. This may be “Own Branded” with your corporate identity.
- Assessment of system efficacy and performance measured against an Operational Requirement providing a meaningful benchmark for you to measure quality of image and service provider performance produced as MS excel spreadsheets so you can take ownership and manage your asset.The BSIA Guidance for CCTV is probably the best practice Code of Practice and guidance for planning, design, installation and operation of surveillance systems that makes reference to the latest standards and is free.
- Audit of system management, documentation and production of Assignment Instructions to assist security personnel to ensure compliance. British Standard BS 7958:2015 CCTV Operation and Management Code of Practice is the recognised industry standard..
- A Data Protection Impact Assessment of each scheme and each camera location may be required and undertaken.
- CCTV compliance Awareness Training and instruction including the use of the Digital Evidence System and site Management Documentation to ensure compliance.
- Summary report which highlights which non-compliance issues within the System Performance, Signage and Management of a system and makes recommendations for remedial service to ensure compliance.
- “Data Subject Right of Access Requests, Public Information Requests and Complaints can be managed as part of the service including Forensic Services for Video Editing and Evidence Preparation for legal submission to ensure compliance.
Who is Compliance Plus for and used by?
Any organisation that uses CCTV, particularly if the scheme includes cameras which cover areas of Public Space including Educational, Recreational, Retail and Commercial sites.
What are the benefits?
Organisations that use the Compliance Plus service will be up-to-date with current CCTV regulation, benefit from improved confidence in system use, make better-informed day-to-day decisions and enjoy a reduced risk of accusations of non-compliance being levelled against themselves or their organisation.
Don’t be Complacent….Be Compliant
For a free initial consultation and advice call Andy on 07773 291 931
TeleVigil Associates – making sure it’s precisely right!