The General Data Protection Regulation (GDPR) has changed how organisations handle personal data, including video footage, imposing strict requirements on maintaining privacy and security of personally identifiable information.
To maintain GDPR compliance, your organisation needs to make sure that it has tools in place to safeguard sensitive information.
They fall into 3 categories:
Overall data management,
Monitoring and breach responses, and
Compliant data sharing, especially for video footage
#First step: GDPR compliance assessment
To make sure that personal data is handled in accordance with regulations, you’ll need to review all aspects of data collection, storage, processing and transmission, identify potential risks, and evaluate your current policies and procedures.
After that, you can look into deploying tools that can help manage data in a compliant manner.
#Software tools for GDPR-compliant data management
GDPR compliance requirements for data management focus on these areas:
Data Encryption and Anonymisation
GDPR mandates that personal data be encrypted or anonymised wherever possible, especially when transferred or stored. Tools that automate encryption for personal data across networks and devices help maintain compliance.Access Control and Auditing
To prevent unauthorised access to sensitive data, businesses must implement robust access control mechanisms. Solutions often include multi-factor authentication (MFA), role-based access control (RBAC) and detailed auditing to track access and modification of data in real-time.
Organisations can also leverage a range of GDPR monitoring tools for:
Automated Auditing
Automated audit tools provide continuous assessments, generating reports on who accessed personal data, when, and for what purpose.Incident Response and Breach Detection
GDPR requires organisations to report data breaches to supervisory authorities within 72 hours. Compliance platforms are designed to detect, investigate, and report incidents swiftly, reducing the risk of non-compliance.
For organisations that handle CCTV footage or bodycam videos, there are additional considerations. We cover them below.
#GDPR-compliant video footage handling
For GDPR compliance, organisations must ensure that CCTV and other types of footage containing personal data is handled according the following principles:
Data Minimisation
GDPR emphasises the principle of data minimisation, meaning that only necessary personal data should be collected and retained for as long as needed.Retention Policies
GDPR stipulates that personal data must not be retained longer than necessary, and automated tools that delete footage after a defined period can help ensure compliance.Data Security in Transit & Storage
Surveillance data management solutions can include built-in encryption features that protect video footage from unauthorised access.
For body-worn cameras, particularly in law enforcement and public sector roles, organisations may also require the following:
Real-Time Data Redaction
Automatic real-time redaction for monitored footage to prevent unauthorised data exposure.Access Control and Encryption
Organisations need to ensure that recorded data remains confidential and can only be accessed for lawful purposes, such as legal proceedings or internal investigations.
#Responding to SARs and sharing video footage
Under GDPR, organisations need to blur out personal data of third parties when:
responding to subject access requests (SARs)
using CCTV footage inside the organisation (for training purposes or as a part of an internal investigation), and
sharing incident footage with third parties (such as law enforcement agencies or insurers).
Personal data includes faces and also other types of information that can help identify people or locations inside videos. For body-worn cameras, it also may include audio tracks where personal data is shared in a conversation.
Read more about GDPR compliance for organisations deploying CCTV in the workplace in this article.
#Video redaction software options
Depending on the setup and the volume of video footage requests, there are different software tools that you can use to share videos in a compliant manner.
These tools incude:
Creative video editing solutions
Good for occasional requests, where you don’t mind blurring our personal data frame by frame. Will create bottlenecks if you need to process longer videos or see an increase in footage requests.Built-in VMS tools
Can help redact videos inside your VMS without exporting footage, but may have limited functionality.VMS plug-ins
Similarly to built-in tools, they speed up footage blurring, but can be more flexible and offer more features. For example, Identity Cloak Playback plug-in for Milestone XProtect can also import video footage and automate tracking and blurring, and Identity Cloak LIVE blurs out personal data in real time for supervised environments like retail stores.
Automated video redaction tools
These tools include cloud-based or on-premise solutions that automate footage blurring and can significantly speed up video redaction time. Our Identity Cloak desktop solution completes projects in under 12 minutes on average.
Read our guide on choosing the best video redaction software for a full list of requirements for privacy protection.
#Identity Cloak for GDPR-compliant video redaction
Identity Cloak is a video redaction solution that is fully compliant with GDPR requirements. It doesn’t share data outside of your organisation, leaves the original data intact, and can generate an audit trail for video redaction projects.
It is used by organisations in retail, transportation, healthcare, and education, as well as by venues, museums, and local governments.
Identity Cloak helps streamline GDPR compliance by automating video redaction and following a simple, 4-step process:
Import footage
Identity Cloak can import MP4 and AVI files, and you can use the built-in screen recorder for any other type of footage.Detect and blur personal data
Identity Cloak automatically detects and tracks faces, bodies, or license plates, even in low-quality footage or in crowded spaces.Customisation and final check
Users can quickly review the redacted video, adjust blur settings and blur mode, and manually mask signage, IDs, name tags, or screens visible in the video with one click.Export of the redacted file
The original file is left intact, and the redacted file can be exported as an AVI or an MP4.
#Frequently asked Identity Cloak questions
What are the hardware requirements for using Identity Cloak?
Processor: Intel Core i7 10th gen onwards (AMD is not supported)
Graphics: NVIDIA T1000/A4000/RTX3050/RTX3060/RTX3090/RTX4090/Intel Iris XE or similar
RAM: 16 GB
Operating system: Windows 11 Pro
Storage: minimum 256 GB SSD
Can Identity Cloak work behind a firewall?
Yes, it can. If you find that you are blocked from using Identity Cloak. You'll need to ask your IT/ Digital Services team to provide us access.
Can Identity Cloak work on a virtual machine?
Yes, it can be installed on a virtual machine as long as the machine has access to a GPU.
What kind of data does Identity Cloak collect?
Identity Cloak is installed on your device within your secure network. A handshake is made between your device and our server, and the following data is transferred between your device and our sever:
License key
Device name
User experience data
Facit doesn't have access to videos that are processed via Identity Cloak. Our solution can also be fully airgapped for Enterprise plan users.
Do you offer discounts?
Yes, we offer discounts to organisations in the health and education sectors. Contact us to learn more.
#Start your Identity Cloak free trial
Try out Identity Cloak to see how you can quickly complete video redaction projects in compliance with GDPR requirements. No credit card required for a 7-day free trial.
