Menu
State Commissioner for Data Protection and Freedom of Information. North Rhine-Westphalia:
Depending on the design, video surveillance may involve the collection and processing of personal image data. Such data processing is generally prohibited and is only permitted in exceptional cases if this is permitted by law or if the data subjects have previously given their effective consent (so-called prohibition with reservation of permission).
Video surveillance is subject to strict guidelines, which is why we, as an established company with 27 years of experience, advise against installing video surveillance without professional advice.
In our projects, we always ensure that we work in compliance with data protection regulations and adhere to all guidelines. We also have a data protection officer in the company who is only responsible for this topic.
State Commissioner for Data Protection and Freedom of Information. North Rhine-Westphalia:
Depending on the design, video surveillance may involve the collection and processing of personal image data. Such data processing is generally prohibited and is only permitted in exceptional cases if this is permitted by law or if the data subjects have previously given their effective consent (so-called prohibition with reservation of permission).
At European level, a working group of the European Data Protection Committee, with the cooperation of the German data protection supervisory authorities, has drawn up a guideline on video surveillance under the GDPR(Guideline 03/2019). This guideline provides a comprehensive overview of all essential elements of data protection law and also addresses new forms of video surveillance in some places.
The Data Protection Conference (DSK), the body of independent German federal and state data protection supervisory authorities, has also produced a guidance document on video surveillance and a short paper on video surveillance by non-public bodies, in which many legal requirements are presented and analyzed.
Source: Federal Commissioner for Data Protection and Freedom of Information
With the implementation of the General Data Protection Regulation, all companies are bound by new legal guidelines. VTIS GmbH has also made numerous updates in this regard in order to be able to continue to offer its services in compliance with data protection regulations.
By utilizing our website and all associated services, you can rest assured of GDPR compliance. All information on this topic can be found on the official homepage of the GDPR.
“This must always be carried out if particularly sensitive data is processed in accordance with Section 3 (9) BDSG or if the data processing was intended to assess the personality of the data subject, including their abilities, performance or behavior. In these cases, the data protection officer examines the particular risks inherent in the procedure for the rights and freedoms of the data subject and issues an opinion on the lawfulness of the data processing at the end of this examination. Just like the prior check, the data protection impact assessment therefore serves to evaluate risks and their possible consequences for the personal rights and freedoms of the data subjects.” Source
Especially after the GDPR (General Data Protection Regulation), the question of liability is being asked more and more frequently. Who is responsible and liable for data protection violations in the area of video surveillance? When installing video surveillance systems, special circumstances come into play. The end user (customer) has no knowledge in the technical field and therefore cannot plan and project alone. Therefore, two or more parties have equal rights when determining the video surveillance measures and are therefore liable. The data subject can assert his or her rights against anyone.
“Any person who has suffered material or moral damage as a result of an infringement of this Regulation shall be entitled to compensation from the controller or processor.” Article 82 GDPR.
The installer, end customer and any parties involved have the option of “exoneration from liability” if they can prove that they are not responsible for the data protection breach that has occurred. This requires complete documentation of the activity, with the prerequisite that each party knows exactly what they have to do during the project.
According to the GDPR, the installer has several documentation obligations. These serve as proof that the video surveillance system has been installed and implemented in accordance with the regulations. Processors, on the other hand, must keep a record of their processing activities. Previously, according to the BDSG (Federal Data Protection Act), this was only mandatory for end customers/operators.
Operators of video surveillance systems face significantly higher fines since the GDPR. This may be a factor of 67. If, for example, a retailer previously had to pay a fine of €1,000 for non-compliant surveillance cameras, they can now be fined up to €67,000.
End customers, processors and installers can be sanctioned in accordance with Article 28 et seq. GDPR/83 EU-GDPR, fines of up to ten million euros or two percent of total global turnover can be imposed.
During the transition phase, existing installations and contracts for video surveillance should be reviewed. New contracts to be concluded must be drafted in such a way that they take into account the legal situation under the GDPR. Basic knowledge of data protection is therefore extremely important for every installer. In plain language, this means that the installer is no longer allowed to install a camera wherever the customer wants it. What exactly he has to do is detailed in the “GDPR Video Practice Guide”, which he can obtain free of charge from Deutsche Datenschutzhilfe, provided he is a supporting member. The practical guide includes a checklist for the installer so that they know what they need to ask the end customer before they can start installing the video devices. The GDPR video guide also includes sample forms for complete data protection management, including the installer’s own processing activities, so that the installer also has proof that they have complied with data protection regulations during installation and have fulfilled their duty to provide information regarding the BDSG and GDPR in detail.
Source: sicherheit.info / Walter C. Dieterich, Chairman, Deutsche Datenschutzhilfe e.V.
VTIS GmbH
Nikolaus-Groß-Str. 31
44329 Dortmund