Data protection training
All personnel with access rights, including outsourced personnel carrying out the day-to-day CCTV operations or the maintenance of the system, should be given data protection training and should be familiar with the provisions of GDPR to the extent that they are relevant to their tasks. The training should pay special attention to the need to prevent the disclosure of surveillance video to anyone other than authorized individuals.
Training of personnel is mandatory and must include:
- Cybersecurity
- Export of VMS data
Training should be held when a new system is installed, when significant modifications are made to the system, when a new person joins the organization, as well as periodically afterwards at regular intervals. For existing systems, initial training should be held during the transitory period and periodically afterwards at regular intervals
For more information about GDPR for the VMS operator, see the Milestone GDPR Privacy Guide for VMS Operators and the Milestone GDPR e-learning for VMS Operators.