A: A data subject may request that the data contained therein be erased immediately if one of the circumstances referred to in Article 17(1) of the GDPR is available. This may be the case, for example, where the processing of personal data is unlawful or where the data is no longer necessary. When film material is passed on to other managers, for example. B the cinematographic material that is published online, the data controller must take steps to inform these other persons responsible for the deletion of such personal data. The measures taken to delete such data should be proportionate taking into account the available technology and the costs of implementation. Whether you operate a monitoring system yourself or commission an external ccTV company to do so on your behalf, you are a data controller within the meaning of the GDPR and you must ensure, in accordance with Article 5, that personal data is personal data: you should therefore set up a system to ensure that you delete information as soon as the data retention period is lost. Although this blog post is not explicitly addressed to people in the public sector, it should be noted that there are other circumstances in which the processing is considered legal and which are most likely only accessible to certain officials. For example, in the protection of the vital interests of data subjects or where the processing is done in the public interest. Cameras worn on the body, used by police forces, should be a candidate in this case. Note that these legitimate justifications are not reserved for the public sector. `The indication to a competent authority of possible criminal acts or threats to public security by the controller and the transmission to a competent authority of the relevant personal data in individual cases or in several cases relating to the same offence or threat to public security should be considered to be in the legitimate interest of the controller`; A: The GDPR governs the transfer of personal data by an official to law enforcement.
As a general rule, a data controller would rely on a legal obligation for the transmission of such data to law enforcement authorities. This legal obligation is generally a matter governed by national law. Where the data are available and the data subject requests a copy, the controller should not distribute collected cinematographic material to other data subjects and, in such circumstances, it is recommended to confuse third parties. In addition, no more data should be provided than is necessary. This means that the controller must request a date and time in order to identify the part of the film in which the data subject would be seen. As with any other aspect of personal data, data subjects have the right to access it, which may lead you to reveal cinematographic material to them. The owner of the company / ccTV must ensure that the applicant is present in the cinematographic material and that he does not disclose the personal data of another data subject by providing the cinematographic material. This may include parts of the film, such as characters or license plates, blurred. In addition, the OIC has previously recommended that the REQUEST for CCTV may incur a management fee of up to £10, but this is no longer the case under the GDPR.
Before setting up a monitoring system, you must identify and document your legal basis for the processing of personal data in accordance with Article 6 of the GDPR. Third-party organizations that process data for you, such as for example. B CCTV companies, are data processors. It is your responsibility, as a data controller, to ensure that you only use data processors that offer sufficient guarantees that they meet the requirements of the GDPR, including the security of processing. This process helps companies identify and minimize risks arising from data processing activities that “are likely to result in a high risk” to the rights and freedoms of individuals. . . .