GDPR and video surveillance in banking

Lanaccess > Banca > GDPR and video surveillance in banking
  • Posted by: Lanaccess
  • Category: Banca

The data privacy is a concern for all citizens of the world, and states are legislating on this matter, but the speed with which they are addressing this concern is very different depending on the continent. While in Europe legislation is being very actively legislated in this area and offering a very protectionist view of personal data, in other areas such as Latin America the speed of regulatory development is not as high .

In Spain, the data protection law (RGPD) introduced substantial changes in 2018 and since then all companies that deal with confidential information of customers and suppliers are obliged to protect said data if they do not want to expose themselves to fines of large amounts.

The banks are one of the sectors most affected by this law because they are not only required to protect customer data, but must have secure video surveillance systems for both their interests to the customer.

The Spanish Data Protection Agency (AEPD) has published a guide to help correctly apply the RGPD to all those companies that are obliged to install video surveillance systems such as those in the banking sector.

What are the main legal considerations and requirements of the GDPR for video surveillance systems of banks?

Banks or credit institutions are obliged to install video surveillance systems to prevent crimes at headquarters and guarantee the safety of both their employees and customers.

These companies are the main responsible for the cameras in charge of video surveillance and the management and processing of images.

Management of the images of a video surveillance system

These are the most important legal considerations that you should take into account:

  • The images available to the judges and the police. The images will be exclusively at the disposal of the judicial authorities and the Security Forces and Bodies, to which those that refer to the commission of criminal acts must be immediately provided.
  • Access to images limited to specific personnel. The videos recorded by the video surveillance cameras can only be viewed by the police, the judges, the AEPD inspection and the legitimated personnel according to the Private Security law.
  • The data controller can allow or deny access to the images. The person responsible for the treatment may deny the response to the exercise of the rights of access or deletion of those affected and will have to do so in a motivated manner. However, the holder of said rights may claim their case before the AEPD.
  • Conditions of use of the specific recordings. The recorded images may only be used to identify the perpetrators of crimes against people and property.
  • Suppression of recordings after fifteen days. The recordings must be deleted after fifteen days from the recording , as indicated by the RGPD, unless otherwise provided by the judicial authorities or the competent Security Forces and Bodies.

These are the main considerations included in the AEPD guide on image processing for security purposes. But, apart from these indications, it also adds other provisions for when the treatment of the images has other objectives.

An aspect of interest for banks, since video surveillance solutions like ours also allow other functions such as counting people or analyzing user behavior at headquarters .

What should banks that use video surveillance systems for purposes other than security take into account?

The banks implement advanced video surveillance solutions are able to perform many different functions more security as having the capacity at the bank headquarters or analyze user behavior on it to know what your pattern.

All these situations must also comply with the new GDPR data protection law.

In this sense, the AEDP guide indicates that companies that use video surveillance solutions for scientific research and related uses such as the study of habits of use or consumption must comply with the RGPD law.

Legal considerations for the use of video surveillance cameras for statistical and market research purposes

The Article 89 of the RGPD on treatment for archival purposes in the public interest for scientific or historical research or statistical purposes has technical and organizational measures to ensure the principle of minimization of personal data and may include pseudonymisation, provided that that way these ends can be achieved.

In this way, to comply with the law, companies must manage data in a specific way to minimize the personal information of users recorded by video surveillance cameras.

These are the main indications so that you can enjoy our company’s advanced video surveillance solution and comply with the RGPD . LANACCESS offers companies the best video surveillance solution with advanced functions to allow banks and other companies to benefit from the advantages of Digital Transformation.