CCTV, Facial Recognition and Pseudonymised Data

Data Protection Made Easy Podcast

In this week’s Data Protection Made Easy podcast, Philip Brining and Catarina Santos unpacked real world audit insights and fast moving news. From sites with 300 plus cameras to the ICO’s current focus on police use of facial recognition, the conversation shows how context defines personal data, and why documentation matters for every decision you take.

GDPR Radio: CCTV, Facial Recognition and Pseudonymised Data

This GDPR Radio looks at CCTV in the workplace, police use of facial recognition, AI posture tracking as a lower risk alternative to biometrics, and the CJEU reminder that pseudonymised data is not always personal data. We also touch on opinions in SARs, cookie enforcement, and insider risks in schools. Fast paced, 30 minutes, loaded with takeaways.

Data Protection Made Easy podcast, Philip Brining and Catarina Santos unpacked real world audit insights and fast moving news. From sites with 300 plus cameras to the ICO’s current focus on police use of facial recognition, the conversation shows how context defines personal data, and why documentation matters for every decision you take.

Key Topics Discussed

CCTV and employee monitoring, lawful bases, necessity, and proportionality in practice during live audits.
Facial recognition under the spotlight, plus AI posture tracking to follow individuals without biometric templates.
CJEU on pseudonymised data, not always personal data, depends on the recipient’s re identification capability.
Opinions in SARs, when an opinion may be the personal data of the author, not the subject.
Cookies and compliance, large fines in Europe and a rising risk profile for UK organisations.
Insider risks in schools, a reminder that culture, training, and controls matter.

Practical Takeaways for DPOs and Privacy Teams

Document the context, record why data is or is not personal data in each use case, and keep the rationale current.
Refresh your CCTV DPIA, check purpose, signage, retention, access controls, and whether monitoring is targeted or continuous.
Assess alternatives to biometrics, posture and attribute based tracking may reduce risk, but still needs a DPIA and clear limits.
Review SAR playbooks, handle opinions carefully, consider third party rights, and keep a defensible audit trail.
Get cookies under control, implement a register, governance, and true prior consent for non essential cookies.

A Snappier Format

Episodes are now 30 minutes. The aim is simple, quick insights you can act on, with space for live Q&A and chat. Join live to ask questions, or listen back on your favourite platform.

Join the Data Protection Made Easy Community

It is free to join, and you will receive weekly invites, useful resources, and priority access to events. Become part of one of the UK’s largest data protection communities.

Use the subscription box at the bottom of most pages
Visit our contact page
Email us at info@dataprotectionpeople.com

FAQ

Is pseudonymised data always personal data

No. It depends on whether the recipient can reasonably re identify individuals. Context matters, so record your assessment.

Do opinions belong in SAR disclosures

Opinions can be the personal data of the author. Handle these carefully, consider third party rights,

Subscribe To Our Community

Cyber Security Services

PCI DSS

ISO 27001

Cyber Security Consultancy

Cyber Security Support

Pentesting

External Attack Surface Management

Data Protection Services

SAR Support

Data Protection Support

Outsourced DPO

Data Protection Consultancy

Information Management Software

GDPR Training

GDPR Audits

GDPR Representative

GDPR Documentation

GDPR Toolkit

Information Rights Request

24/7 Support whenever you need it