Have you ever dimmed the lights using your smart phone or turned your home heating up from the airport? Some of the modern day technology at our disposal in homes and businesses makes life much easier. We can feed our pets (and even talk to them) from the office, we can check in with CCTV systems from a beach holiday and we can direct the Amazon delivery driver on where to leave the parcel from the supermarket car park!
For the tech savvy among us, the ever changing landscape of products available makes for an exciting era. However, is there a side of caution to be respected here? Recently we have seen a rise in interest in the implications of GDPR relating to video and audio recording.
When we ask ‘what is personal data?’ there is usually a degree of uncertainty from those who don’t work within the Information Governance Industry. Personal data relates to people that are identifiable from the information whether that is directly or in combination with other information and covers material in any recorded form. (Further guidance is available from the ICO’s website*.) So an audio visual recording of a neighbour on their property beside their vehicle for example is personal data which has to be controlled and processed in line with the data protection legislation. In a case from earlier this year, a breach of the Data Protection Act 2018 was found which was caused by the defendant’s use of a Ring video doorbell. The outcome was reached with the fact in mind that the defendant did not control the data fairly and transparently. Of course there are many examples where these types of suits are unsuccessful and there usually has to be clear evidence of damage or distress above a de minimis level. An example of a ‘trivial’ ruling can be found here where the court decided that, while a data breach was unfortunate, it was unintended, quickly remedied and didn’t cause suffering or distress to any great extent.
What responsibility do we have to be compliant in processing our ever evolving categories of personal data? The pace at which the tech is advancing indicates that we all have to continuously work to maintain our compliance with the UK GDPR and the Data Protection Act 2018 and with that in mind, Tkm have various courses and accreditations available to suit all levels of experience. Our upcoming BCS Practitioner Certificate in Data Protection is intended for people who have existing responsibilities in data protection and have a basic understanding of relevant legislation.
Bookings are now being taken and more information on course content and examination procedure can be found here. Please make contact if you require advice on what course of action would be best suited to your organisation.
*Source Information Commissioners Office (ICO)