BlogStay tuned for more

The Law of the Republic of Cyprus 125 (I) 2018 and GDPR 679/2016 explicitly stipulates that the use of CCTV must be in accordance with the principles of the law.

Practically what does that mean?

Every employer has the right to secure the assets of his business and, of course, the staff who work there, as well as third parties who may be moving in these premises. It is commonly accepted and clear that such measures limit and are considered dissuasive as to the achievement of notional purposes. There are incidents where a suspected person was identified and handed over to the authorities due to the use oc CCTV. Another part also concerns insurance companies that demand evidence to be able to pay the appropriate compensations.

On the other hand, however, the use of CCTV constitutes a violation of privacy, especially when there is sound, where this is forbidden in every case.

Based on Regulation 679/2016, a process, whether by electronic means or not, may exist if and when the following conditions and principles are met:

  • Transparency as to how to process
  • Limit the Purpose where data is processed for a specific purpose
  • Minimize Data where the minimum information to be processed needs to be
  • Exact data and delete or correct the untrue.
  • Restrict to the Storage period to ensure that the data being processed is for a specific and pre-set interval only.
  • Integrity and Confidentiality for secure data processing.

On the basis of the above, an enterprise must ensure that it observes and applies all the above and can prove the legality of such processing operations it maintains. It is worth mentioning that in no way can an enterprise record the behaviour of workers or even third parties in the field and of course cannot be used to evaluate employee’s behaviour or even efficiency.

But what happens when a high-risk enterprise can affect the safety of other people or even objects? Is this act called "negligence" or "malicious act"?

As to what it means "negligence" or "malicious act”, that is definitely the courts in question and not how the applicant can interpret it.

There is one case, in a foreign country, where a worker has destroyed a machine worth several thousand euros. His recording in CCTV claimed that the "damage" was not due to a defective component but to a human factor. On this basis the company that supplied the machine did not compensate the company under the terms of the warranty of the machine and the company was legally moved to the employee. The employee claimed negligence and inadequate training, and the company was not compensated since it did not have a proper employee training file. The peculiarity of a business in terms of vital security or public interest matters clearly affects such decisions, but always by the measure and the implementation of the Principles governing the Regulation.

The use of protection measures that an undertaking holding a CCTV can take is enough to ensure its own legitimate interest. However, the primary point is to inform its staff and have their written consent to the use of CCTVs in the workplace. It is clear and understandable that the business must preserve the data recorded through the CCTV and not publish any of these records unless there is a legal obligation. Also, if there are screens that show live images, they must be in places with limited access and as few people as possible. There must be special markings in the premises, but also before entering them, to declare the operation of CCTV. Registration should not lead to degradation in order to evaluate the effectiveness of the workers. There should be no screens in public areas. Data should not be stored for a long time and encoded or there may be a "blur" of people.

It is also relevant that some decisions regarding the use of CCTVs where in some cases the cameras were ruined or even considered that the consent of the workers was not freely given.

Surely each business has its own peculiarities and needs and it is more appropriate to consult an expert or seek advice from the competent authorities before proceeding with such measures.

Comments powered by CComment

Contact Us

We are happy to respond to any queries you may have, so feel free to contact us.