• CONSULTING
    • Strategy and business processes
      • Strategic planning and management of the implementation of the strategic plan
      • Business process management – identification, modeling and improvement of business processes
      • Designing a modern IT organization and managing human resource efficiency
      • Project management
    • Digital transformation through Data Management
      • Establish a Data Governance framework and develop a data management strategy
      • Data quality management
      • Data security management
      • Master and metadata management
      • Preparations for the implementation of BI and Big data solutions
      • Estimates of data management maturity
      • Documentation and content management
      • Establish organizations for successful data management and digital transformation
    • Risks and compliances
      • Business risk management (ISO 31000, etc.)
      • Compliance management in business systems
      • Harmonization of operations in majority state-owned companies (Decision of the Government of the Republic of Croatia OG 99/19)
      • Management of the protection of whistleblowers (46/22 OG and ISO 37002)
      • Anti-corruption system management (ISO 37001)
      • Alignment with the EU GDPR Regulation
      • Privacy management (ISO 29100)
      • Electronic identification and trust services in accordance with the eIDAS Regulation
    • Information security, Cyber security and business continuity
      • Corporate information security
      • Information security risk management
      • Information security systems management
      • Business continuity management
      • Cyber security management
      • Incident management, disaster recovery
      • Alignment with the EU regulation 2016/1148, the law and the regulation on cyber security
    • Quality, environment protection and energy efficiency
      • Implementation and evaluation of quality management system (ISO 9001, ISO 15017, etc.)
      • Implementation and assessment of environmental management system (ISO 14001)
      • Implementation and evaluation of energy efficiency management system (ISO 50001)
      • Implementation and evaluation of occupational health and safety management systems (ISO 45001)
    • IT Governance & IT Management
      • Design of ICT Governance & ICT Management systems
      • Development of a new IT strategy
      • Designing a modern IT organization and managing human resource efficiency
      • Management and supervision of IT projects
      • Information system development, verification, validation and testing services
      • Development of technical specifications for the development of information systems
      • Information systems audit
    • IT services
      • Managing IT services
      • Implementation of IT service management system (ISO 20000)
      • ITIL & managing IT services
    • EU projects
      • Identify opportunities for financial support and select the best source of funding
      • Preparation of project application in accordance with EU guidelines
      • EU project management
  • EDUCATIONS
    • Education calendar
  • e-learning
  • ABOUT US
    • Partners
    • ZIH team
    • ZIH’s Authorities
    • Reference list
  • NEWS
  • BLOG
  • CONTACT
Menu
  • CONSULTING
    • Strategy and business processes
      • Strategic planning and management of the implementation of the strategic plan
      • Business process management – identification, modeling and improvement of business processes
      • Designing a modern IT organization and managing human resource efficiency
      • Project management
    • Digital transformation through Data Management
      • Establish a Data Governance framework and develop a data management strategy
      • Data quality management
      • Data security management
      • Master and metadata management
      • Preparations for the implementation of BI and Big data solutions
      • Estimates of data management maturity
      • Documentation and content management
      • Establish organizations for successful data management and digital transformation
    • Risks and compliances
      • Business risk management (ISO 31000, etc.)
      • Compliance management in business systems
      • Harmonization of operations in majority state-owned companies (Decision of the Government of the Republic of Croatia OG 99/19)
      • Management of the protection of whistleblowers (46/22 OG and ISO 37002)
      • Anti-corruption system management (ISO 37001)
      • Alignment with the EU GDPR Regulation
      • Privacy management (ISO 29100)
      • Electronic identification and trust services in accordance with the eIDAS Regulation
    • Information security, Cyber security and business continuity
      • Corporate information security
      • Information security risk management
      • Information security systems management
      • Business continuity management
      • Cyber security management
      • Incident management, disaster recovery
      • Alignment with the EU regulation 2016/1148, the law and the regulation on cyber security
    • Quality, environment protection and energy efficiency
      • Implementation and evaluation of quality management system (ISO 9001, ISO 15017, etc.)
      • Implementation and assessment of environmental management system (ISO 14001)
      • Implementation and evaluation of energy efficiency management system (ISO 50001)
      • Implementation and evaluation of occupational health and safety management systems (ISO 45001)
    • IT Governance & IT Management
      • Design of ICT Governance & ICT Management systems
      • Development of a new IT strategy
      • Designing a modern IT organization and managing human resource efficiency
      • Management and supervision of IT projects
      • Information system development, verification, validation and testing services
      • Development of technical specifications for the development of information systems
      • Information systems audit
    • IT services
      • Managing IT services
      • Implementation of IT service management system (ISO 20000)
      • ITIL & managing IT services
    • EU projects
      • Identify opportunities for financial support and select the best source of funding
      • Preparation of project application in accordance with EU guidelines
      • EU project management
  • EDUCATIONS
    • Education calendar
  • e-learning
  • ABOUT US
    • Partners
    • ZIH team
    • ZIH’s Authorities
    • Reference list
  • NEWS
  • BLOG
  • CONTACT
Search
EN
  • HR
[ivory-search id="3372" title="Search form laptop"]

HR 

  • KONZALTING
    • Strategija i poslovni procesi
      • Strateško planiranje i upravljanje implementacijom strateškog plana
      • Upravljanje poslovnim procesima – identifikacija, modeliranje i unapređenje poslovnih procesa
      • Izrada nove organizacije te upravljanje razvojem karijere i radnim učincima djelatnika
      • Upravljanje projektima
    • Digitalna transformacija kroz upravljanje podacima
      • Uspostava Data Governance okvira i izrada strategije upravljanja podacima
      • Upravljanje kvalitetom podataka
      • Upravljanje sigurnošću podataka
      • Upravljanje matičnim i meta podacima
      • Pripreme za implementaciju rješenja za BI i Big data
      • Procjena zrelosti upravljanja podacima
      • Upravljanje dokumentacijom i sadržajem
      • Uspostava organizacije za uspješno upravljanje podacima i digitalnu transformaciju
    • Rizici i usklađenosti
      • Upravljanje poslovnim rizicima (ISO 31000 i dr.)
      • Upravljanje usklađenostima u poslovnim sustavima
      • Usklađivanje poslovanja u trgovačkim društvima u većinskom državnom vlasništvu (Odluka Vlade RH NN 99/19)
      • Upravljanje zaštitom prijavitelja nepravilnosti (46/22 NN te i te i ISO 37002)
      • Upravljanje antikorupcijskim sustavom (ISO 37001)
      • Usklađivanje s EU GDPR Uredbom
      • Upravljanje zaštitom privatnosti (ISO 29100)
      • Elektronička identifikacija i usluge povjerenja u skladu s eIDAS Uredbom
    • Informacijska sigurnost, kibernetička sigurnost i kontinuitet poslovanja
      • Korporativna informacijska sigurnost
      • Upravljanje rizicima informacijske sigurnosti
      • Upravljanje sustavima informacijske sigurnosti
      • Upravljanje kontinuitetom poslovanja
      • Upravljanje kibernetičkom sigurnošću
      • Upravljanje incidentima, oporavak od katastrofe
      • Usklađivanje s eu uredbom 2016/1148, zakonom i uredbom o kibernetičkoj sigurnosti
    • Kvaliteta, zaštita okoliša i energetska učinkovitost
      • Implementacija i procjena sustava upravljanja kvalitetom (ISO 9001, ISO 15017 i dr.)
      • Implementacija i procjena sustava upravljanja zaštitom okoliša (ISO 14001)
      • Implementacija i procjena sustava upravljanja energetskom učinkovitosti (ISO 50001)
      • Implementacija i procjena sustava upravljanja zdravljem i zaštitom na radu (ISO 45001)
    • IT Governance & IT Management
      • Oblikovanje ICT Governance & ICT Management sustava
      • Razvoj nove IT strategije
      • Oblikovanje suvremene IT organizacije i upravljanje učinkovitošću ljudskih resursa
      • Upravljanje i nadzor IT projekata
      • Usluge u razvoju, verifikaciji, validaciji i testiranju informacijskih sustava
      • Izrada tehničkih specifikacija za razvoj informacijskih sustava
      • Revizija informacijskih sustava
    • IT usluge
      • Upravljanje IT uslugama
      • Primjena norme ISO 20000 u upravljanju IT uslugama
      • ITIL i upravljanje IT uslugama
    • EU projekti
      • Identifikacija mogućnosti dobivanja financijske potpore i odabir najboljeg izvora financiranja
      • Izrada projektne prijave u skladu s EU smjernicama
      • Vođenje EU projekata
  • EDUKACIJE
    • Kalendar edukacija
  • e-learning
  • O NAMA
    • Partneri
    • Tim ZIH-a
    • Ovlaštenja ZIH-a
    • Referentna lista
  • NOVOSTI
  • BLOG
  • KONTAKT
Menu
  • KONZALTING
    • Strategija i poslovni procesi
      • Strateško planiranje i upravljanje implementacijom strateškog plana
      • Upravljanje poslovnim procesima – identifikacija, modeliranje i unapređenje poslovnih procesa
      • Izrada nove organizacije te upravljanje razvojem karijere i radnim učincima djelatnika
      • Upravljanje projektima
    • Digitalna transformacija kroz upravljanje podacima
      • Uspostava Data Governance okvira i izrada strategije upravljanja podacima
      • Upravljanje kvalitetom podataka
      • Upravljanje sigurnošću podataka
      • Upravljanje matičnim i meta podacima
      • Pripreme za implementaciju rješenja za BI i Big data
      • Procjena zrelosti upravljanja podacima
      • Upravljanje dokumentacijom i sadržajem
      • Uspostava organizacije za uspješno upravljanje podacima i digitalnu transformaciju
    • Rizici i usklađenosti
      • Upravljanje poslovnim rizicima (ISO 31000 i dr.)
      • Upravljanje usklađenostima u poslovnim sustavima
      • Usklađivanje poslovanja u trgovačkim društvima u većinskom državnom vlasništvu (Odluka Vlade RH NN 99/19)
      • Upravljanje zaštitom prijavitelja nepravilnosti (46/22 NN te i te i ISO 37002)
      • Upravljanje antikorupcijskim sustavom (ISO 37001)
      • Usklađivanje s EU GDPR Uredbom
      • Upravljanje zaštitom privatnosti (ISO 29100)
      • Elektronička identifikacija i usluge povjerenja u skladu s eIDAS Uredbom
    • Informacijska sigurnost, kibernetička sigurnost i kontinuitet poslovanja
      • Korporativna informacijska sigurnost
      • Upravljanje rizicima informacijske sigurnosti
      • Upravljanje sustavima informacijske sigurnosti
      • Upravljanje kontinuitetom poslovanja
      • Upravljanje kibernetičkom sigurnošću
      • Upravljanje incidentima, oporavak od katastrofe
      • Usklađivanje s eu uredbom 2016/1148, zakonom i uredbom o kibernetičkoj sigurnosti
    • Kvaliteta, zaštita okoliša i energetska učinkovitost
      • Implementacija i procjena sustava upravljanja kvalitetom (ISO 9001, ISO 15017 i dr.)
      • Implementacija i procjena sustava upravljanja zaštitom okoliša (ISO 14001)
      • Implementacija i procjena sustava upravljanja energetskom učinkovitosti (ISO 50001)
      • Implementacija i procjena sustava upravljanja zdravljem i zaštitom na radu (ISO 45001)
    • IT Governance & IT Management
      • Oblikovanje ICT Governance & ICT Management sustava
      • Razvoj nove IT strategije
      • Oblikovanje suvremene IT organizacije i upravljanje učinkovitošću ljudskih resursa
      • Upravljanje i nadzor IT projekata
      • Usluge u razvoju, verifikaciji, validaciji i testiranju informacijskih sustava
      • Izrada tehničkih specifikacija za razvoj informacijskih sustava
      • Revizija informacijskih sustava
    • IT usluge
      • Upravljanje IT uslugama
      • Primjena norme ISO 20000 u upravljanju IT uslugama
      • ITIL i upravljanje IT uslugama
    • EU projekti
      • Identifikacija mogućnosti dobivanja financijske potpore i odabir najboljeg izvora financiranja
      • Izrada projektne prijave u skladu s EU smjernicama
      • Vođenje EU projekata
  • EDUKACIJE
    • Kalendar edukacija
  • e-learning
  • O NAMA
    • Partneri
    • Tim ZIH-a
    • Ovlaštenja ZIH-a
    • Referentna lista
  • NOVOSTI
  • BLOG
  • KONTAKT
Menu
  • Konzalting
    • Strategija i poslovni procesi
      • Strateško planiranje i upravljanje implementacijom strateškog plana
      • Upravljanje poslovnim procesima – identifikacija, modeliranje i unapređenje poslovnih procesa
      • Izrada nove organizacije te upravljanje razvojem karijere i radnim učincima djelatnika
      • Upravljanje projektima
    • Digitalna transformacija kroz upravljanje podacima
      • Uspostava Data Governance okvira i izrada strategije upravljanja podacima
      • Upravljanje kvalitetom podataka
      • Upravljanje sigurnošću podataka
      • Upravljanje matičnim i meta podacima
      • Pripreme za implementaciju rješenja za BI i Big data
      • Procjena zrelosti upravljanja podacima
      • Upravljanje dokumentacijom i sadržajem
      • Uspostava organizacije za uspješno upravljanje podacima i digitalnu transformaciju
    • Rizici i usklađenosti
      • Upravljanje poslovnim rizicima (ISO 31000 i dr.)
      • Upravljanje usklađenostima u poslovnim sustavima
      • Usklađivanje poslovanja u trgovačkim društvima u većinskom državnom vlasništvu (Odluka Vlade RH NN 99/19)
      • Upravljanje zaštitom prijavitelja nepravilnosti (46/22 NN te i te i ISO 37002)
      • Upravljanje antikorupcijskim sustavom (ISO 37001)
      • Usklađivanje s EU GDPR Uredbom
      • Upravljanje zaštitom privatnosti (ISO 29100)
      • Elektronička identifikacija i usluge povjerenja u skladu s eIDAS Uredbom
    • Informacijska sigurnost, kibernetička sigurnost i kontinuitet poslovanja
      • Korporativna informacijska sigurnost
      • Upravljanje rizicima informacijske sigurnosti
      • Upravljanje sustavima informacijske sigurnosti
      • Upravljanje kontinuitetom poslovanja
      • Upravljanje kibernetičkom sigurnošću
      • Upravljanje incidentima, oporavak od katastrofe
      • Usklađivanje s eu uredbom 2016/1148, zakonom i uredbom o kibernetičkoj sigurnosti
    • Kvaliteta, zaštita okoliša i energetska učinkovitost
      • Implementacija i procjena sustava upravljanja kvalitetom (ISO 9001, ISO 15017 i dr.)
      • Implementacija i procjena sustava upravljanja zaštitom okoliša (ISO 14001)
      • Implementacija i procjena sustava upravljanja energetskom učinkovitosti (ISO 50001)
      • Implementacija i procjena sustava upravljanja zdravljem i zaštitom na radu (ISO 45001)
    • IT Governance & IT Management
      • Oblikovanje ICT Governance & ICT Management sustava
      • Razvoj nove IT strategije
      • Oblikovanje suvremene IT organizacije i upravljanje učinkovitošću ljudskih resursa
      • Upravljanje i nadzor IT projekata
      • Usluge u razvoju, verifikaciji, validaciji i testiranju informacijskih sustava
      • Izrada tehničkih specifikacija za razvoj informacijskih sustava
      • Revizija informacijskih sustava
    • IT usluge
      • Upravljanje IT uslugama
      • Primjena norme ISO 20000 u upravljanju IT uslugama
      • ITIL i upravljanje IT uslugama
    • EU projekti
      • Identifikacija mogućnosti dobivanja financijske potpore i odabir najboljeg izvora financiranja
      • Izrada projektne prijave u skladu s EU smjernicama
      • Vođenje EU projekata
  • Edukacije
    • Kalendar edukacija
  • e-learning
  • O nama
    • Partneri
    • Tim ZIH-a
    • Ovlaštenja ZIH-a
    • Referentna lista
  • Novosti
  • Blog
  • Kontakt
  • En
    • Hr

Homepage > Blog > GDPR and video surveillance

Blog

GDPR and video surveillance

  • 14.04.2022.

Nowadays, data protection requirements have become fundamental requirements on which the right to privacy depends. The General Data Protection Regulation, as the regulatory framework of the European Union, has greatly changed the way personal data is collected and processed. The most important part of the regulation is the process of data collection and processing, which should be recorded in such a way that it is known who collects and processes data, for what purpose and on what basis.

An interesting issue related to the protection of personal data is certainly the question of how to use the video surveillance system. The GDPR classifies video data as a group of sensitive data, which means that they require special protection measures.

 

What does the GDPR allow organizations in terms of video surveillance?

In the case of using video surveillance, it is important to analyze the justification of its use as a means of protection. The legal basis for video surveillance is generally the legitimate interest of the company (eg protection of property), and with the help of this recording it is possible to establish the identity of a person and therefore marked as personal data of a particularly sensitive nature. Accordingly, any organization whose premises are under video surveillance should take measures to secure processing.

Prior to the video surveillance itself, it is necessary to conduct a data protection impact assessment and list the list of all processing activities that are intended to be performed, as well as the reasons for which the video surveillance is carried out. A monitoring system should only be set up if the assessment shows that in this case there are potential benefits that outweigh the risks to individuals. Thus, there is no doubt that the video surveillance footage contains personal data that needs to be protected according to the principles of the GDPR regulation.

 

The role of data processing manager

The duty of the video surveillance organizationis to inform the persons who are in the monitored area. The sign should be clearly visible, and it is desirable that information on video surveillance be provided before entering such a space.

The notification must include the following:

  • A sign that the space is under video surveillance
  • Data about processing manager
  • Contact information for possible realization of rights

GDPR regulation prescribes that it is necessary to keep evidence of persons who have access to recordings. The processing manager and the processing executor are obliged to establish an automated system of records for recording access to video surveillance recordings, which will contain the time and place of access, as well as the identification of persons who accessed data collected through video surveillance.

The law defines the period within which the recordings should be kept, after which they should be destroyed. Recordings obtained through video surveillance may be kept for a maximum of six months, unless another law prescribes a longer retention period or if the evidence is in court, administrative, arbitration or other equivalent proceeding.

 

When is it necessary to seek the consent of AZOP?

In some cases, users who intend to use the video surveillance system need to seek the consent of AZOP, the national data protection agency. The following are examples of such cases:

  • Connecting a video surveillance system with biometric data or a database of individuals
  • Face recognition or other biometric recognition
  • Low sensitivity infrared cameras
  • Dynamic-preventive monitoring (eg through applications for recognizing a person’s behavior)
  • Special cameras with digital zoom capabilities

Precisely because of the problem of abuse of video surveillance, its use is legally prescribed. In Croatia, there are three laws related to the use of video surveillance: Personal Data Protection Act, Labor Act and the Occupational Safety and Health Act.

Therefore, it is important to keep in mind that the GDPR regulation prescribes a careful and detailed analysis of potential risks and benefits on the basis of which it is possible to assess the impact on personal data protection. Organizations that decide to install video surveillance should take care of procedures that will reduce the risk of data loss or loss.

Consulting

Strategy and business processes

Digital transformation through Data Management

Risks and compliances

Information security and business continuity

Quality, environment protection and energy efficiency

IT Governance & IT Management

IT services

EU projects

EDUCATIONS

Strategy and business processes

Digital transformation through Data Management

Risks and compliances

Information security and business continuity

Quality, environment protection and energy efficiency

IT Governance & IT Management

IT services

EU projects

EDUCATION CALENDAR

ABOUT US

Partners

ZIH team

ZIH’s Authorities

Reference list

NEWS

BLOG

NEWS

BLOG

CONTACT

Trg Antuna, Ivana i Vladimira Mažuranića 8, 10 000 Zagreb
 
Telefon: +385 1 4855 271
Fax: +385 1 4855 272
E-mail: zih@zih.hr
 
IBAN: HR7423400091100013041
 
OIB: 34774399108

NEWSLETTER

Stay up to date with the news and services we provide
Facebook Youtube Linkedin
Copyright © 2022. ZIH
Pravila privatnosti
Mask Group
iso-9001-bureau-veritas-logo
Iso_Trans_Logo-01
Dizajn i programiranje: Prospekt d.o.o.
Copyright © 2022. ZIH

Privacy policy

Mask Group
iso-9001-bureau-veritas-logo
Iso_Trans_Logo-01
Design and programming: Prospekt d.o.o.