Redacting personal data in CCTV footage for GDPR compliance
Video footage can be shared with authorities as a part of incident reporting, or it can be requested by a data subject — as a data subject access request (DSAR). As a data controller, you have a legal responsibility to comply with GDPR when disclosing surveillance footage of individuals.
The following GDPR articles are relevant to processing CCTV footage requests:
GDPR Article 9
Prohibits the processing of personal data without explicit consent of the data subject (such as images of faces), unless there are special circumstances.GDPR Article 15
Outlines the right to obtain from your organization (the data controller) the personal data that pertains to them and the related information linked to its use, including video footage or audio recordings.GDPR Article 17
Provides data subjects the “right to erasure” or “right to be forgotten”. Data subjects can request that the data controller erase their personal data.
In order to comply with GDPR, all personal data except relevant to the subject(s) of interest must be completely redacted when video footage is made public or shared with third parties.
Types of personal data in CCTV footage
At a minimum, identities and PII of all individuals other than the subject(s) shown in the footage must be redacted.
That said, personally identifiable data isn’t limited to images of faces.
It also includes:
Tattoos and distinguishing marks
Distinguishing clothing
Name tags and IDs
Vehicle number plates
Signage, words and location indicators
Information on computer screens
7 steps to develop data compliance practices
Organisations that capture CCTV footage can ensure compliance with GDPR requirements by establishing data compliance practices. We recommend following these 7 steps.
1. Create a compliance framework
A compliance framework provides a structure for addressing compliance regulations that relate to an organisation and its industry sector. It also helps to identify data that requires stricter security protocols.
2. Define policies
To satisfy regulators, create clear policies on data collection and use across departments, including policies on handling personnel data, transactional data and so on as well as the CCTV footage.
3. Publish privacy policies
Ideally, your privacy policies clearly explain to your staff, customers, and suppliers what data is collected, what it is used for, how it is stored, and how long it will be kept.
They should also specify how any of those parties can request access to their personal data or enforce their right to “be forgotten” and have their data removed from your systems
4. Stay current with compliance regulations
Build privacy practices into IT systems and business practices. Companies that work internationally may have to factor in flexible practices to accommodate regional requirements. You can read more about regional requirements relevant to CCTV footage here.
5. Implement data retention and removal measures
Data retention schedules help ensure that data is stored for the mandated amount of time and removed on schedule.
6. Anonymise sensitive data
Data should be anonymised to remove personally identifiable information by using a reliable method, especially when sharing information with third parties.
7. Develop a plan ensure data compliance
For CCTV footage, this includes choosing a video anonymisation tool or approach.
Choosing your CCTV redaction approach
Depending on the volume of requests, organisations can approach video redaction differently.
Here are the most common approaches:
Manual redaction with a video editing tool
Outsourcing blurring PII to an external service provider
Using an automated redaction solution like our tool, Identity Cloak
Automated video redaction solutions can be on-premise, process videos in the cloud, or be deployed as add-ons for VMS tools.
Here’s a quick overview of these approaches based on CCTV video redaction needs:
Manual redaction: best for infrequent requests and short video clips.
Outsourcing: best for infrequent requests for single-source footage.
On-premise automated video redaction: best for multiple CCTV footage requests from organisations with strict data protection requirements.
Cloud-based video redaction: best for companies that don’t need to worry about industry data regulations or cloud storage costs.
VMS integrated tools: best for organisations that don’t need to import other types of footage.
Read the breakdown of the most common video anonymisation approaches and their advantages and disadvantages below.
Manual redaction
Video editing tools with blurring features can be used to redact PII frame by frame in CCTV footage.
It’s possible to find open-source video editing tools that are either free or very low cost, helping companies with small budgets to stay compliant.
That said, frame-by-frame editing can be very time-consuming for complex footage, and may not be practical for companies that need to process a growing number of SARs.
Manual redaction is the best fit for companies that only need to occasionally complete infrequent requests for CCTV footage, with short, simple video clips.
Outsourcing
Outsourcing CCTV footage redaction to third parties makes it easy to respond to requests for any type of footage, with any level of complexity, without taking up your team’s time.
That said, it can be expensive and makes it hard to control costs. For example, Córas Iompair Éireann (CIÉ), switched to Identity Cloak because redaction costs were as high as €700 per video.
If you need to find multiple videos across different camera footage and combine relevant clips into a single file first, there may be a higher risk of missing SAR processing deadlines. Another potentially time-consuming step is reviewing the redaction footage and requesting additional changes if any PII may have been missed.
Outsourcing CCTV video redaction is best for companies that only get infrequent requests for footage and don’t need a quick turnaround for video processing.
On-premise video redaction tools
On-premise video redaction tools automate detection and blurring for faces and other types of PII. This redaction method makes it easy to handle requests in-house.
Some of the more specialized, industry-specific tools may be hard to use, creating bottlenecks for teams that are not tech-savvy.
In-house, on-premise video redaction tools are the best fit for organisations that get multiple CCTV footage requests and need to stay compliant with strict data protection requirements, for example, healthcare organisations.
Cloud-based video redaction tools
This type of video redaction tools offers the same capabilities as the on-premise video redaction tools, but video footage needs to be uploaded into the cloud to be processed.
Because CCTV footage ends up processed in the cloud, it may not be a fit for organisations in industries with strict data protection requirements. An additional drawback is that there are additional costs for cloud storage.
Some of the cloud-based video redaction tools may not be compatible with CCTV legacy systems, requiring workarounds or using different video redaction tools.
Cloud-based video redaction software is the best fit for companies that value simplified workflows and don’t need to worry about industry data regulations or cloud storage costs.
VMS integrated tools
Many VMS have built-in video redaction tools, or can have those tools combined with VMS as an add-on. With built-in tools, there may be limited capabilities for handling legacy footage or different types of video recordings, like mobile phone recordings.
Unless you’re using an add-on that enables video import, it’s the best fit for organisations that only need to handle CCTV footage editing requests.
Download this checklist to evaluate possible solutions based on industry requirements or use this video redaction tools comparison template to speed up your research.
You can also read more about our solution, Identity Cloak, used by organisations like Tate Museum, River Island, and Nottingham City Transport and others, below.
Identity Cloak for CCTV video redaction
Identity Cloak helps organisations to quickly and efficiently redact video footage, without having to spend days on frame-by-frame editing. It can be deployed as an on-premise solution and as Milestone XProtect plug-ins.
Read on to see what makes Identity Cloak stand out — and how companies in retail, healthcare, transportation, education, and logistics have been using it to stay compliant with GDPR.
Identity Cloak Desktop
Our desktop version can be used to securely redact video footage from CCTV, including legacy systems. It can edit video clips to reduce the redaction time, removes PII from audio tracks, and redacts low-quality footage with a high level of accuracy.
Identity Cloak’s AI automatically recognizes people and tracks their movements, blurring everyone in the video, so that unmasking the subject only takes one click.
You can change the shape and the density of blur, mask faces or bodies, and use inverse blur to completely anonymise sensitive environments. For PII such as signage or name tags, you can manually obscure specific parts of the screen with a single click.
On average, our customers complete their projects in under 12 minutes, without going through an extensive training:
“Our relationship is really good and we have massively saved on time. At first I had to sell it to the team; they felt it was daunting, particularly as they thought they would have to blur every single individual themselves. But once I showed them how to blur and that it just does a full screen blur and it can track, they were much happier.”
Data Protection Officer & CCTV Policy Manager Major Grocery Retailer
Many of our customers switch to Identity Cloak from video editing tools, where blurring needs to be done frame by frame:
“Using non-specialist editing software for redaction was a problem. It was time consuming and there was always the risk of missing a single frame or face.”
Andy Shorey, IT Director, Kingston
Others choose Identity Cloak because they need to quickly respond to incidents and instances of theft:
“The investment in Identity Cloak has been excellent value. It allows us to maintain high standards of security and compliance while being agile enough to respond fast when it counts.”
Barry Palmer, Head of Safety and Security at Tate
For organisations in education and healthcare, the deciding factor is often deploying an air-gapped, on-premise solution to minise the risk of data breaches:
“The application sits within our own network, which ensures that the Trust’s video never leaves our own secure environment, rather than having to place our video in the Cloud, which was an issue here at the Trust.”
Ian Taylor Head of Security, King's College Hospital NHS Foundation Trust
It’s worth mentioning that our pricing is based on the number of redacted videos, not minutes, and there are no limits on the video duration or file size for both export and import.
You can see our pricing plans here or find out more about Identity Cloak features on this page.
Identity Cloak Milestone Live and Milestone Playback plug-ins
Identity Cloak Milestone plug-ins can be used for live video redaction in control rooms, and for redacting videos inside XProtect.
While the original files stay intact, Milestone users can process videos faster and import video files, including in legacy formats, into XProtect. For example, the Paris Police Department adopted Identity Cloak to automate the redaction of faces and personal identifiers in CCTV footage.
Read more about our Milestone plug-ins here, or reach out to our team.
Identity Cloak free trial
If you’re looking for a solution that can blur CCTV footage for a growing number of footage requests, see how Identity Cloak can speed up video blurring and help you stay compliant with SAR processing deadlines.
Download Identity Cloak to Start your 7-day trial here.
