I’ve spoken, previously, about GDPR and DPIAs but I wanted to draw attention to some of the risks inherent in public area CCTV deployments:-

• Loss of personal data through unauthorised access;

• Personal data retained for longer than necessary;

• Personal data is retained in an insecure format;

• Intrusive surveillance in a mixed commercial and residential area;

• Third party data released through subject access requests; and

• Lack of transparency in use of intrusive surveillance in public areas.

None of these risks are insurmountable, nor should they slow down the deployment of cameras or systems but they should be considered when drawing up a DPIA, first.