What is GDPR's Right to
Erasure all about?
Managing Article 17 of the GDPR
can be tricky. When configuring
your video management system,
organisations want to ensure they
retain recordings for sufficient time to
ensure they can review recordings of
events that are reported. But keeping
video for longer than what's deemed
necessary can also lead to a breach of
privacy guidelines.
Article 17 is also known as the 'Right to
be forgotten'. That's because it gives
people the power to request that your
organisation delete all their personal
data. Some exceptions apply to video
surveillance operations as there's an
intended and just purpose for the
cameras (ie: crime prevention, public
health and security, fraud detection,
legal employment obligations,
product development, etc.). So, while
you're not required to fulfil every
single 'Right to be forgotten' request,
you must ensure that you're not
keeping video beyond what's deemed
necessary for its purpose.
In the first part of this data privacy
series, you read about how a digital
evidence management system (DEMS)
can help you securely share video
and fulfil data access requests from
the public.
A DEMS can also help your team
comply with Article 17 of the General
Data Protection Regulations (GDPR)—
that is the 'Right to erasure'. Under
this article, your organisation needs to
be able to assign automatic retention
periods for requested and stored
video, while considering industry and
company policies.
At the end of the article, you'll also
get a checklist of questions to ask
vendors when shopping around for a
DEMS. After all, choosing a solution
built with privacy in mind is critical to
reinforcing your data protection and
privacy strategy as a whole.
How to uphold privacy
compliance in 2023
Generally, this means deleting video
within 14 or 30 days. But in some
cases, or regions, the limit could be 48
hours. Of course, if the stored video
is related to a criminal investigation
or legal matter, there's justification to
keep the video longer.
This is why organisations must
determine retention policies for
different types of stored or requested
video. But once you've firmed up
these policies, how do you ensure
your team only preserves necessary
videos and deletes footage that is not
relevant to an investigation?
Without a digital evidence
management system, this can
be challenging.
Using a DEMS to automate
video retention and deletion
When you invest in a DEMS, your
team can better maintain privacy and
adhere to the 'Right to be forgotten'
under the GDPR. That's because
a DEMS allows you to configure
automatic retention schedules. You
can define how long files are kept in
Find out how Spitalfields Estate
uses a DEMS to meet GDPR
requirements
Part two
