{"id":30591,"date":"2026-01-15T14:50:09","date_gmt":"2026-01-15T13:50:09","guid":{"rendered":"https:\/\/it.andersen.com\/?p=30591"},"modified":"2026-01-15T14:56:37","modified_gmt":"2026-01-15T13:56:37","slug":"compliance-risk-management-the-risks-associated-with-installing-a-video-surveillance-system","status":"publish","type":"post","link":"https:\/\/it.andersen.com\/en\/compliance-risk-management-the-risks-associated-with-installing-a-video-surveillance-system\/","title":{"rendered":"Compliance &amp; Risk Management &#8211; The risks associated with installing a video surveillance system"},"content":{"rendered":"<p>In this fifth issue of the <strong>Compliance &amp; Risk Management<\/strong> Newsletter, professionals from Andersen&#8217;s <strong>231\/Privacy<\/strong> Service Line have explored the topic of <strong>video surveillance in the workplace<\/strong>, highlighting the growing importance of adopting appropriate measures to mitigate the risks associated with the installation of a video surveillance system (CCTV), thereby improving <strong>governance<\/strong>.<\/p>\n<h2>Video surveillance in the workplace: the distinction between lawful and unlawful use pursuant to Legislative Decree 231\/2001<\/h2>\n<p>The installation of cameras is lawful only if prior <strong>authorisation<\/strong> is obtained from the competent local Labour Inspectorate or if an agreement is entered into with the trade union representatives, as provided for in Article 4 of the Workers&#8217; Statute. Failure to comply with this requirement qualifies the activity as <strong>covert monitoring of workers<\/strong>, a crime that gives rise to administrative liability for the entity. 
Defensive surveillance is an exception, which is only lawful in the event of serious and concrete evidence of wrongdoing.<\/p>\n<p>Therefore, in order to strengthen the company&#8217;s position, the MOGC must incorporate specific <strong>dedicated protocols<\/strong>: from GDPR-compliant privacy notices to the training of managers and the Supervisory Body, to the detailed mapping of areas under video surveillance.<\/p>\n<h2>Video surveillance system and facial recognition: how to make it compliant with the GDPR and the AI Act<\/h2>\n<p>For compliance purposes (in particular, with the GDPR and the AI Act), the implementation of a video surveillance system with <strong>facial recognition<\/strong> necessarily requires a <em>risk-based approach.<\/em> In addition to defining the <strong>purposes<\/strong> for which such a system is to be installed (e.g. security, theft prevention), also considering the prohibitions provided for by the AI Act, it is necessary to assess the <strong>risks to the rights and freedoms of individuals<\/strong> through a Data Protection Impact Assessment (DPIA), adopting systems that enable compliance with the <strong>principle of minimisation.<\/strong><\/p>\n<p>In organisational terms, it is first necessary to establish clear and comprehensible internal <strong>procedures<\/strong> and <strong>information<\/strong> visible in the areas under video surveillance. Only by integrating legal, technical and organisational aspects is it possible to use facial recognition in a compliant manner, thus reducing the risks to individuals&#8217; rights.<\/p>\n<h2>CCTV system and risk assessment: the most relevant risks<\/h2>\n<p>The design and installation of a video surveillance system require careful analysis of all associated risks (technical, legal, organisational, security and liability risks) in order to ensure <strong>integrated risk management<\/strong>. 
Privacy issues should not be underestimated, given that a CCTV system processes images, which are personal data.<\/p>\n<p>The <strong>impact of the video surveillance system in the workplace<\/strong> must also be carefully considered, with regard to the provisions of Article 4 of the Workers&#8217; Statute, as well as the <strong>technical and operational risks<\/strong> due, for example, to network vulnerabilities.<\/p>\n<p>It is therefore necessary to establish and maintain a stable <strong>governance<\/strong> structure that provides for <strong>procedures or operating instructions<\/strong> to ensure that the system is used in full compliance with current regulations.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this fifth issue of the Compliance &amp; Risk Management Newsletter, professionals from Andersen&#8217;s 231\/Privacy Service Line have explored the topic of video surveillance in the workplace, highlighting the growing importance of adopting appropriate measures to mitigate the risks associated with the installation of a video surveillance system (CCTV), thereby improving governance. 
Video surveillance in [&hellip;]<\/p>\n","protected":false},"author":146,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[50],"tags":[],"_links":{"self":[{"href":"https:\/\/it.andersen.com\/en\/wp-json\/wp\/v2\/posts\/30591"}],"collection":[{"href":"https:\/\/it.andersen.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/it.andersen.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/it.andersen.com\/en\/wp-json\/wp\/v2\/users\/146"}],"replies":[{"embeddable":true,"href":"https:\/\/it.andersen.com\/en\/wp-json\/wp\/v2\/comments?post=30591"}],"version-history":[{"count":2,"href":"https:\/\/it.andersen.com\/en\/wp-json\/wp\/v2\/posts\/30591\/revisions"}],"predecessor-version":[{"id":30593,"href":"https:\/\/it.andersen.com\/en\/wp-json\/wp\/v2\/posts\/30591\/revisions\/30593"}],"wp:attachment":[{"href":"https:\/\/it.andersen.com\/en\/wp-json\/wp\/v2\/media?parent=30591"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/it.andersen.com\/en\/wp-json\/wp\/v2\/categories?post=30591"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/it.andersen.com\/en\/wp-json\/wp\/v2\/tags?post=30591"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}