It’s All About Data Pro­tec­tion! Body Cams In Pri­va­te Secu­ri­ty Companies

After fede­ral sta­tes deci­ded to equip the poli­ce with body cam tech­no­lo­gy, and this has alre­a­dy been suc­cessful­ly intro­du­ced in some fede­ral sta­tes, pri­va­te secu­ri­ty com­pa­nies are now also fol­lo­wing this path and equip their employees with body cams.

Not a bad idea, one might think, but how does it look in rea­li­ty, how are the requi­re­ments of data pro­tec­tion fulfilled?

If you take a clo­ser look at the rea­li­ty and deal more inten­si­ve­ly with the topic of data pro­tec­tion and body cam, you can hard­ly ima­gi­ne that the imple­men­ta­ti­on of data pro­tec­tion can even be ful­fil­led or gua­ran­teed. If you take a look at the gui­dance pro­vi­ded by the data super­vi­so­ry aut­ho­ri­ties on the use of body came­ras, it seems that com­pa­nies quick­ly reach their limits.

So what exact­ly is important when using body cam in the pri­va­te secu­ri­ty industry?

Body-Cam nimmt auf

GUIDELINE GDPR-COMPLIANT USE OF BODY-CAMS IN THE PRIVATE SECURITY INDUSTRY

I would now like to descri­be in more detail here exact­ly what pri­va­te secu­ri­ty com­pa­nies must adhe­re to and demons­tra­b­ly imple­ment in order to be able to use body cam tech­no­lo­gy in a GDPR-com­pli­ant manner.

The GDPR com­pon­ents of the use of body cams

Basi­cal­ly, the fol­lo­wing cir­cum­s­tances must be che­cked when purcha­sing body cam:

  1. Which hardware/software will be shortlisted?
  2. Who is respon­si­ble for hos­ting and admi­nis­tra­ti­on of the technology?
  3. For what pur­po­se is the came­ra tech­no­lo­gy used?
  4. Were all the docu­ments crea­ted for the ope­ra­ti­on of the body cam technology?
  5. Are all neces­sa­ry con­tract docu­ments available?
  6. Were all employees trai­ned accordingly?
  7. If a dai­ly assign­ment log is maintained?
  8. Has the use of the body cam been taken into account in the ser­vice instruction?

Basi­cal­ly, it is now only a mat­ter of working through the abo­ve 8 points pro­per­ly and con­sci­en­tious­ly in order to achie­ve a high level of data pro­tec­tion. Here are some tips and infor­ma­ti­on on how you can accom­plish the­se points wit­hout much stress, wit­hout high cos­ts and with as litt­le time as possible.

Point 1: Which Hardware/Software Is Shortlisted?

The­re are num­e­rous pro­ducts and solu­ti­ons on the body cam tech­no­lo­gy mar­ket. Basi­cal­ly, the decis­i­on which body cam tech­no­lo­gy and soft­ware to use can be made quite easi­ly. It is important to avo­id pro­ducts that are manu­fac­tu­red and hos­ted in so-cal­led unsafe third count­ries, e.g. the USA or Chi­na. Cer­tain­ly, the purcha­se pri­ce may be quite smart and attrac­ti­ve, but in terms of data pro­tec­tion, the­re are defi­ni­te­ly hurd­les to over­co­me that make the savings for­got­ten quick­ly. The short­list should only include tech­no­lo­gy that is manu­fac­tu­red in Ger­ma­ny or within the EU and com­pli­es with the Ger­man Data Pro­tec­tion Act (GDPR). This will save you a lot of hass­le and mini­mi­ze the data pro­tec­tion effort invol­ved considerably.

We can recom­mend the body cam of the com­pa­ny Net­Co Pro­fes­sio­nal Ser­vices GmbH from Blan­ken­burg in the Harz regi­on. The Net­Co Body Cam ful­fills the requi­re­ments of the GDPR in terms of tech­no­lo­gy and soft­ware and can also con­vin­ce with an inte­res­t­ing pri­ce / per­for­mance ratio.

Point 2: Who Is Respon­si­ble For Hos­ting / And Admi­nis­tra­ti­on Of The Technology?

Let’s stay with NetCo’s body cam to bet­ter illus­tra­te the topic. A body cam always con­sists of three essen­ti­al com­pon­ents. The­se are:

  • The body cam
  • The ser­ver software
  • The cli­ent soft­ware for the PC

The ope­ra­ti­on of the ser­ver appli­ca­ti­on can be rea­li­zed in two ways:

  • Third par­ty hos­ting by NetCo
  • Self-hos­ting by the client

Descrip­ti­on Third Par­ty Hos­ting by NetCo

In order to be able to ful­ly use, admi­nis­ter and adjust the body cam, the cor­re­spon­ding admi­nis­tra­ti­on soft­ware (ser­ver appli­ca­ti­on) must be instal­led and ope­ra­ted on a web ser­ver. Here Net­Co offers the full ser­vice, i.e. Net­Co takes over the hos­ting for the com­pa­ny and also ensu­res the secu­re and cur­rent sta­tus of the ser­ver tech­no­lo­gy and soft­ware. This pro­ce­du­re is descri­bed as third-par­ty hos­ting and requi­res a list of tech­ni­cal and orga­niza­tio­nal mea­su­res (TOM), which must be pro­ven in a data pro­tec­tion docu­men­ta­ti­on (see point 5). In order to ful­fill this point, Net­Co pro­vi­des this direc­to­ry (TOM) to the cus­to­mer. Simi­lar­ly, Net­Co pro­vi­des a con­tract for the order data agree­ment, which is essen­ti­al for point 6.

The advan­ta­ges of this vari­ant are obvious. The cus­to­mer has very litt­le work and does not have to crea­te his own docu­men­ta­ti­on in terms of GDPR, but it is ins­tead pro­vi­ded by the manu­fac­tu­rer. In addi­ti­on, the ser­ver loca­ti­on is in Ger­ma­ny and the­r­e­fo­re meets the requi­re­ments of the GDPR.

Descrip­ti­on self-hos­ting by the client

Of cour­se the­re are reasons and requi­re­ments to run the body cam ser­ver appli­ca­ti­on on own web ser­vers. Howe­ver, it should be noted that in this vari­ant the cus­to­mer must crea­te the list of tech­ni­cal and orga­niza­tio­nal mea­su­res (TOM) for ser­ver ope­ra­ti­on and also pro­vi­de pro­of of this. It is also important to ensu­re that the ser­ver is loca­ted within the EU and that no data is com­mu­ni­ca­ted to an unsafe third coun­try. It is also important that ope­ra­ti­on in cloud appli­ca­ti­ons from Goog­le and Ama­zon (AWS) must be docu­men­ted sepa­ra­te­ly and pro­ven by a so-cal­led data pro­tec­tion impact assess­ment (DSFA).

Point 3: For What Pur­po­se Is The Came­ra Tech­no­lo­gy Used?

When it comes to using body cam tech­no­lo­gy for one’s own com­pa­ny or on behalf of third par­ties, the hurd­les of data pro­tec­tion are rela­tively high and many often pre­sen­ted refe­ren­ces to the pur­po­se of use turn out not to be GDPR-com­pli­ant. This rai­ses the ques­ti­on: When is the use of a body cam com­pli­ant with data protection?

The ans­wer to this is given by the Ger­man Data Pro­tec­tion Con­fe­rence as follows:

The use of the body cam in accordance with data pro­tec­tion must be mea­su­red against Artic­le 6 (1) f of the Gene­ral Data Pro­tec­tion Regu­la­ti­on (GDPR) and Sec­tion 4 of the Fede­ral Data Pro­tec­tion Act (BDSG). Accor­ding to this, the pro­ces­sing of per­so­nal data is per­mis­si­ble inso­far as it is neces­sa­ry for
the exer­cise of domic­i­lia­ry rights or the safe­guar­ding of legi­ti­ma­te inte­rests (1.) of data con­trol­lers or third par­ties is appro­pria­te (2.) and neces­sa­ry (3.) and pro­vi­ded that the inte­rests or fun­da­men­tal rights and free­doms of the data sub­ject, which requi­re the pro­tec­tion of per­so­nal data, do not prevail.

Basi­cal­ly, as far as the use of body cams and mobi­le came­ras (e.g. for con­s­truc­tion site moni­to­ring) is con­cer­ned, the fol­lo­wing reasons can be used for ear­mar­king purposes:

  • Pro­tec­tion of secu­ri­ty ser­vice employees from assaults
  • Sub­se­quent iden­ti­fi­ca­ti­on of the crime suspect
  • Secu­ring evi­dence for pos­si­ble civil claims

Note: reasons that may be given for the pur­po­se of sol­ving cri­mes should be avo­ided here, howe­ver, as the­se are the sole respon­si­bi­li­ty of the law enforce­ment authorities.

Item 4: Have All Docu­ments For The Ope­ra­ti­on Of The Body Cam Tech­no­lo­gy Been Prepared?

The GDPR-com­pli­ant use of body cam and mobi­le came­ra tech­no­lo­gy must always be con­side­red from two sides. On the one hand, the­re is the manu­fac­tu­rer of the tech­no­lo­gy and, on the other hand, the user, i.e. the respon­si­ble par­ty. If we now assu­me that the manu­fac­tu­rer has taken into account all the requi­re­ments of the GDPR, it is now up to the respon­si­ble body to cor­rect­ly pro­cess its GDPR imple­men­ta­ti­ons and docu­ment them accor­din­gly. This includes the fol­lo­wing activities:

  • Crea­ting a came­ra secu­ri­ty concept
  • Crea­ti­on of a pro­ces­sing direc­to­ry for the came­ra tech­no­lo­gy and for the cor­re­spon­ding software
  • Crea­ti­on of a list of tech­ni­cal and orga­niza­tio­nal mea­su­res (TOM) for inter­nal measures
  • If the soft­ware tech­no­lo­gy is ope­ra­ted on its own ser­ver, a list of tech­ni­cal and orga­niza­tio­nal mea­su­res must also be drawn up for it
  • Crea­ting an  aut­ho­riza­ti­on con­cept (Who is allo­wed to work with the came­ra? Who admi­nis­ters the ser­ver soft­ware? Who ope­ra­tes the cli­ent soft­ware? Who has access to the data and when, etc.?)
  • Crea­ting a dele­ti­on and back-up concept
  • Crea­ting the dai­ly ope­ra­ti­on pro­to­col for the came­ra deployment
  • Do all employees who work with per­so­nal data have appro­pria­te trai­ning certificates?

Admit­ted­ly, a lot of paper­work, but abso­lut­e­ly neces­sa­ry. In order to be able to ful­fill the­se docu­men­ta­ti­on requi­re­ments 100%, the use of so-cal­led data pro­tec­tion manage­ment soft­ware is recommended.

Data Pro­tec­tion Manage­ment Software

We recom­mend our data pro­tec­tion manage­ment soft­ware so that you can docu­ment and pro­ve your data pro­tec­tion cle­ar­ly and up-to-date. With our DMS, you can crea­te all the neces­sa­ry docu­ments (pro­ces­sing direc­to­ries, TOM, DSFA) with just a few clicks and also recei­ve all the neces­sa­ry infor­ma­ti­on pro­vi­ded. In addi­ti­on, our soft­ware has an inte­gra­ted and GDPR-com­pli­ant video con­fe­ren­cing sys­tem, a whist­le­b­lower sys­tem and an eLear­ning plat­form for inter­nal training.

Point 5: Are All Neces­sa­ry Con­tract Docu­ments Available?

Wit­hout con­tract docu­ments, a com­ple­te and GDPR-com­pli­ant docu­men­ta­ti­on is incon­ceiva­ble. In basic terms, you must com­mit all part­ners and com­pa­nies that have an indi­rect and direct influence on your body cam use with con­tracts for com­mis­sio­ned pro­ces­sing and also gua­ran­tee the sui­ta­bi­li­ty of the cor­re­spon­ding com­pa­nies. To brief­ly men­ti­on some examp­les of which con­trac­tu­al part­ners can be con­side­red for your pro­ject, here is a small overview:

Con­tract for com­mis­sio­ned data processing

  • Manu­fac­tu­rer / Dis­tri­bu­ti­on of the body cam
  • For hos­ting on own ser­ver con­tract hos­ting provider
  • When using an exter­nal data pro­tec­tion officer
  • When using exter­nal DPM software

Joint respon­si­bi­li­ty contract

In the case of pri­va­te secu­ri­ty com­pa­nies, it is also important to ensu­re that, if the body cam is used on behalf of the cus­to­mer (e.g. for Shop­Guards, Door­man, etc.), a joint respon­si­bi­li­ty agree­ment is in place.

Point 6: Have All Employees Been Trai­ned In Data Protection?

When using body cam tech­no­lo­gy, the­re are 3 types of employees to consider.

  • Employees who ope­ra­te a came­ra in the field
  • Employees who edit cor­re­spon­ding image / video mate­ri­al in the follow-up
  • Employees who admi­nis­ter the soft­ware and ser­vers in the case of “self-hos­ting

The trai­ning cour­ses should have dif­fe­rent focu­ses, depen­ding on the type of hand­ling of the tech­no­lo­gy, so that the rele­vant employees are pre­cis­e­ly trai­ned for their work and can demons­tra­te the cor­re­spon­ding exper­ti­se. The trai­ning cour­ses should be repea­ted every 12 months.

All trai­ning cour­ses are alre­a­dy pre­pared in the Pro Ver­si­on via the DPMS Manage­ment Sys­tem pro­vi­ded by us, thus enab­ling fast and smooth trai­ning success.

Item 7: Is A Dai­ly Ope­ra­ti­ons Log Maintained?

In order to be able to record and pro­ve the peri­od of use and the actu­al recor­ding times wit­hout any gaps, it is man­da­to­ry to keep a so-cal­led use log. How this is kept and which soft­ware is used for it plays a sub­or­di­na­te role. Cer­tain­ly, some peo­p­le think that the came­ra tech­no­lo­gy logs all essen­ti­al details and stores them in so-cal­led log files, but some data is requi­red that can­not be recor­ded by the technology.

For inte­res­ted users, we offer our digi­ta­li­zed appli­ca­ti­on pro­to­col for body cams in two dif­fe­rent appli­ca­ti­on forms.

  • Deploy­ment pro­to­col for shared responsibilities
  • Deploy­ment pro­to­col for public trans­port deployment

You are wel­co­me to take a look at our digi­tal deploy­ment pro­to­col for shared respon­si­bi­li­ties wit­hout com­mit­ment. Plea­se use the fol­lo­wing link and the fol­lo­wing user data:

Digi­tal Deploy­ment Protocol

Cli­ent ID : 86e0­b665-2022 | Cli­ent Num­ber : 50500

Ques­ti­ons About Data Pro­tec­tion And Body Cam?

If you have any ques­ti­ons and/or if you want addi­tio­nal infor­ma­ti­on about data pro­tec­tion for body cams, you may cont­act us at any time . We will be hap­py to ans­wer your ques­ti­ons and advi­se you on this subject.

Leave a Reply