CCTV – GDPR implications

CCTV is used by a lot of businesses to protect them for several reasons, but did you know that releasing CCTV on social media without your customers consent is a breach of GDPR?

In October 2019, a pizza restaurant in Derby released images on social media of two customers after they refused to pay their bill and left.

The customers were made aware of the post via a source and reported this to the Information Commissioner’s Office (ICO) for a GDPR breach because they had not given their consent for the images or video to be released on social media.

They claimed this could have been damaging to their reputations as the full story of the refusal to pay the bill had not been released.

An ICO spokesperson has confirmed that “Organisations that process personal data, including CCTV footage of identifiable individuals, need to ensure they comply with their obligations under data protection law. This includes letting people know that you are collecting the footage, keeping the images secure, and only disclosing the images when it is necessary to do so.”

The ICO are currently investigating the pizza restaurant which is anticipated to come with a large fine.

Don’t ignore GDPR, avoid posting personal data you hold without that person’s permission.