The DPC has published guidance for drivers concerning their data protection responsibilities when using dash cams. Images and audio recordings captured by dash cams constitute ‘personal data‘ insofar as they relate to an identifiable individual and are therefore subject to the GDPR and Data Protection Act 2018.
Actions to take
In order to comply with the GDPR, in particular, the transparency, purpose limitation, data minimisation, storage limitation and security requirements, as well as individuals’ access rights, the DPC recommends that drivers take the following actions:
- Ensure a clearly visible sign or sticker is place on vehicles indicating that filming is taking place;
- Keep a policy sheet detailing your contact details, the basis on which you are collecting the images and audio of others (if applicable), the purposes for which the data is being used and how long you will retain it for etc. (in compliance with Articles 12 and 13 of the GDPR);
- Provide a copy of the policy sheet on request to anyone who asks for further information about your dash cam, or provide the information verbally;
- In the event of an accident, inform the other party that you have recorded footage of the accident;
- Only retain footage for as long as necessary, in regard to the purpose for which it was obtained. Footage of an accident may be required for a claim or investigation and can be retained for that purpose, but other footage should be routinely deleted;
- Store footage securely and limit access to it, and
- Provide individuals with access to any footage/audio recording their image/voice.