Bodycams and GDPR: Compliance Essentials and Industry Guidance

Bodycams have become increasingly widespread across various sectors, including law enforcement, private security, public transport, and retail. While valuable for transparency and security, bodycams must be used in compliance with the General Data Protection Regulation (GDPR) to safeguard individuals’ privacy rights. This blog outlines what’s allowed and not allowed regarding filming with bodycams, data processing, and handling procedures under GDPR. 

 

 

 

 

 

Bodycams ZEPCAM round below

Filming with Bodycams: What is Allowed?

GDPR requires a lawful basis for processing personal data. For bodycams, this typically includes:

  • Lawful Basis for Processing: GDPR requires a lawful basis for processing personal data. For bodycams, this typically includes: 
  • Public Task: Law enforcement can use bodycams as part of their public safety duty (Art. 6 GDPR). 
  • Legitimate Interests: Private security or other sectors can use bodycams for legitimate interests like crime prevention or staff safety (Art. 6 GDPR). 

Commercial Use:

The principles outlined above apply to bodycam usage in various commercial sectors but with some considerations:

  • Lawful basis:
    • Private Security: Legitimate interests (e.g., preventing theft, deterring criminal activity) are the most likely lawful basis for private security companies (Art. 6 GDPR).
    • Public Transport: Public transport operators must weigh the benefits (e.g., deterring crime, passenger safety) against passenger privacy. Transparency and clear signage are crucial.
    • Retail: The justification for using bodycams here needs careful consideration. Balance the benefits (e.g., preventing shoplifting) with the privacy rights of customers and staff. Consent might be required in some situations, depending on local recording regulations.
  • Transparency and Notice: Be upfront about bodycam usage through signage, public announcements, or staff informing customers when recording is necessary (considering local regulations on recording conversations).
  • Purpose Limitation: Footage should only be used for specified purposes during collection. For example, security footage in retail cannot be used for customer profiling without specific consent (Art. 5 GDPR).

Filming with Bodycams: What is Not Allowed? 

  • Excessive Recording: Recording should be proportionate and not excessive. Continuous recording in areas with a reasonable expectation of privacy (restrooms, private offices) is generally prohibited unless exceptional circumstances exist (Art. 35 GDPR). 
  • Unlawful Use of Footage: Using footage for purposes beyond those originally intended and communicated to data subjects is not allowed. This includes sharing footage with unauthorised parties or using it for marketing without explicit consent (Art. 6 GDPR). 
  • Disregarding Data Subject Rights: Ignoring requests from individuals regarding their data rights, such as access, rectification, or erasure of their personal data captured by bodycams, violates GDPR (Articles 15 to 22 GDPR). 

Processing and Procedures for Bodycam Footage 

  • Data Protection Impact Assessment (DPIA): Before implementing bodycams, conduct a DPIA to assess potential privacy impacts and identify mitigation measures (Art. 35 GDPR). 
  • Data Minimisation and Storage: Only retain necessary footage and store it securely with access restricted to authorised personnel. Define and justify a clear retention period with routine deletion of outdated footage (Art. 5 GDPR). 
  • Security Measures: Implement robust security measures to protect footage from unauthorised access, alteration, or loss. This includes encryption, secure storage solutions, and regular audits of access logs (Art. 32 GDPR). 

Data Subject Rights 

  • Access Requests: Provide copies of footage to individuals upon request unless exemptions apply (Art. 15 GDPR). 
  • Rectification and Erasure: Individuals have the right to request rectification of inaccurate personal data captured on bodycams and erasure of their data when it is no longer necessary for the original purpose (Articles 16 and 17 GDPR). This could apply to situations where someone is mistakenly captured in footage or if the footage is no longer relevant to an investigation. 

Training and Awareness 

 Staff using bodycams should be trained on GDPR requirements, the organisation’s bodycam policies, and procedures for handling data subject requests (Articles 24,  82 GDPR). Training should cover: 

  • When and how to use bodycams 
  • Data protection principles 
  • Data subject rights 
  • Data minimisation and retention policies 
  • Proper handling and storage of footage 
  • Responding to data subject requests 

Ensuring GDPR Compliance with ZEPCAM Bodycam Solutions 

As a European organisation using European technology, ZEPCAM provides a secure bodycam solution that strictly adheres to GDPR and avoids international legal risks like the CLOUD Act and FISA. With ISO 27001 certification, ZEPCAM ensures top-tier data protection and privacy. Contact us for a compliant and secure bodycam system that meets Europe’s privacy standards. Our experts are available to provide the guidance needed to ensure your organisation complies with regulations while maximising the benefits of body cameras for safety, transparency, and security. 

​Disclaimer 

This blog post provides a summary of GDPR requirements relevant to bodycam usage. Organisations should refer directly to the GDPR legislation and seek legal advice tailored to their specific circumstances for precise compliance. Additionally, it is crucial to check national and local laws, which may impose additional requirements or restrictions. The guidance provided here aims to interpret the principles of GDPR to aid understanding and practical implementation, ensuring that bodycam usage aligns with regulatory standards and respects individuals’ privacy rights.  

Kommunaler ordnungsdienst bodycams

Explore further

Choosing the Right Bodycam: The 12 Most Important Software Requirements” for a comprehensive overview of essential software considerations.

Share This