Keep an eye on compliance

New data protection regulations will have implications for CCTV

CCTV camera in a restaurant
The General Data Protection Regulation will have implications for hospitality businesses.

JUST six months from now, the General Data Protection Regulation (GDPR) comes into force.

The new rules, which take effect on May 25, 2018 and supersede the Data Protection Act, are intended to provide greater privacy and protection for individuals in terms of how their personal data is stored and used by businesses.

The GDPR will have major implications for hospitality businesses in Scotland, particularly when it comes to online bookings from customers – operators will have to gain explicit consent from an individual to retain that data for email marketing purposes.

However, the new regulations will also affect CCTV.

Businesses which already comply with current regulations under the Data Protection Act aren’t expected to have to implement too many changes in order to comply with the GDPR; however there will be a greater requirement for clear communication and robust record-keeping.

When the new rules come into force, businesses which use CCTV on their premises will be required to justify their grounds for its use, and clearly communicate the presence of CCTV to anyone who will be captured by the cameras.

Both employees and customers should be made aware that CCTV cameras are in use, with many security firms advising communicating this via clear signage.

Business owners should also consider the way in which recordings from the CCTV system are stored, by whom they can be accessed, and whether there are sufficient safeguards in place to prevent unauthorised access, as well as ensuring there is a CCTV policy in place and staff are fully up to speed with it.