Camera DPIA and signage template (for EU)
Camera Snapshot DPIA + Signage Template (EU)
Version: 1.0
Effective date: 01.03.2026
Owner: Clownfish Web Artur Cichosz
This template is intended for customers using camera snapshot webhooks in the BloomLightly platform. It helps controllers document GDPR compliance, especially where employees, contractors, visitors, or publicly accessible areas may be captured.
Important: This is a practical template, not legal advice. The controller remains responsible for final legal assessment and local-law adaptations.
1. Purpose and Legal Context
1.1. This Data Protection Impact Assessment (DPIA) template supports compliance with Articles 5, 6, 24, 25, 32 and 35 GDPR.
1.2. Where national law adds requirements (e.g., labor law/works council rules, local camera-monitoring acts), the controller must include those requirements before go-live.
2. DPIA Trigger Check (Article 35 GDPR)
2.1. Mark whether DPIA is required for this deployment:
- Large-scale systematic monitoring of publicly accessible areas
- Monitoring of employees/contractors in workspaces
- Use in high-risk zones (sensitive facilities, vulnerable persons)
- Combination with other datasets for behavior analysis
- Other high-risk factors under local supervisory authority lists
2.2. If any box above is checked, perform full DPIA and (if needed) prior consultation under Article 36 GDPR.
3. Processing Description
3.1. Processing name: [INSERT NAME].
3.2. Controller: [INSERT ENTITY + CONTACT].
3.3. Processor: [INSERT PROVIDER ENTITY].
3.4. Processing purpose(s): [security / operational monitoring / incident evidence / other].
3.5. Camera scope/location(s): [INSERT].
3.6. Data categories: still images (JPEG), timestamp, camera ID, webhook metadata, source IP, security logs.
3.7. Data subjects: employees, contractors, visitors, delivery staff, other persons in camera area.
3.8. Frequency: [e.g., periodic snapshot every X minutes or event-triggered].
3.9. Retention: [latest snapshot only / X days / no storage].
3.10. Recipients: [internal security team, farm admin, DPO, external processor].
3.11. Transfers outside EEA/UK: [yes/no; if yes specify SCCs and safeguards].
4. Lawful Basis and Transparency
4.1. Primary lawful basis under Article 6 GDPR:
- Art. 6(1)(f) legitimate interest
- Art. 6(1)(c) legal obligation
- Art. 6(1)(b) contract necessity (limited cases)
4.2. If relying on legitimate interests, complete and attach Legitimate Interest Assessment (LIA):
(a) Purpose test;
(b) Necessity test;
(c) Balancing test and safeguards.
4.3. Transparency obligations:
(a) publish internal privacy notice;
(b) place clear signage before monitored zones;
(c) provide contact for rights requests;
(d) document how rights requests are handled.
5. Necessity and Proportionality
5.1. Explain why less intrusive means are insufficient: [INSERT].
5.2. Minimization choices (complete as applicable):
- Still-image snapshots only (no continuous stream)
- Lowest workable resolution
- Lowest workable capture frequency
- No audio capture
- Excluded zones (break rooms, sanitary areas, private spaces)
- No biometric identification / facial recognition
- Metadata stripping/downscaling before storage
5.3. Access limitation:
- Role-based access
- Need-to-know permissions
- Access logging enabled
- Periodic access review
6. Security and Organizational Measures (Article 32 GDPR)
6.1. Baseline controls: (a) HTTPS only (TLS 1.2+);
(b) secret-based webhook auth;
(c) optional HMAC + timestamp anti-replay;
(d) rate limiting and request-size/pixel limits;
(e) secure private storage (non-public paths, restricted permissions);
(f) audit logs for webhook create/update/delete/rotation;
(g) incident response and breach workflow.
6.2. Additional controls selected for this deployment:
- Client-hash binding enabled
- Short secret rotation cycle (every [X] days)
- Automatic account lock/risk alerts
- Download endpoint throttling
- Integrity checksum validation
- EU-only hosting region
7. Data Subject Rights Handling (Articles 12-23 GDPR)
7.1. Rights covered: access, erasure, restriction, objection, complaint handling.
7.2. Rights contact channel: [INSERT EMAIL/PORTAL].
7.3. Internal SLA for responses: [INSERT DAYS].
7.4. Deletion workflow for camera snapshots: [INSERT PROCESS].
8. Risk Assessment Table
| Risk | Impact | Likelihood | Inherent Risk | Mitigations | Residual Risk |
|---|---|---|---|---|---|
| Unauthorized webhook upload | Medium/High | Medium | High | Secret auth, HMAC, replay checks, rate limiting | Medium/Low |
| Secret leakage | High | Medium | High | Rotation, owner notifications, compromise runbook | Medium |
| Excessive data capture | High | Medium | High | Resolution/frequency minimization, zone exclusions, retention limits | Medium |
| Unauthorized internal viewing | High | Medium | High | RBAC, audit logs, periodic access review | Medium/Low |
| Cross-border transfer risk | High | Low/Medium | Medium | EU hosting or SCC + supplementary safeguards | Low/Medium |
9. Residual Risk Decision
9.1. Residual risk level after mitigations: [LOW / MEDIUM / HIGH].
9.2. DPO review completed: [YES/NO].
9.3. If residual risk remains high, escalate for Article 36 prior consultation.
10. Governance and Review
10.1. DPIA owner: [INSERT ROLE].
10.2. Next review date: [INSERT DATE].
10.3. Trigger immediate review upon: (a) new camera locations;
(b) changed purpose;
(c) increased retention/frequency/resolution;
(d) security incident;
(e) new integration or transfer mechanism.
Annex A - Short Signage Template (On-site)
Camera Snapshot Monitoring Area
Controller: [INSERT ENTITY NAME]
Purpose: [security / operations / incident response]
Legal basis: [Art. 6(1)(f) GDPR legitimate interests / other]
Data retention: [INSERT PERIOD]
Rights/contact: [INSERT EMAIL/PHONE]
More information: [INSERT PRIVACY NOTICE URL]
Annex B - Extended Signage + Notice Text (QR/Link Page)
B.1 Mandatory transparency content
- Identity and contact details of controller
- Contact details for privacy requests/DPO (if appointed)
- Purpose(s) of monitoring
- Lawful basis (Art. 6 GDPR)
- Legitimate interests pursued (if Art. 6(1)(f))
- Recipients/categories of recipients
- Retention period
- Transfer details (if any outside EEA/UK)
- Data subject rights and complaint right to supervisory authority
- Source of data (camera snapshots/webhook metadata)
B.2 Example extended notice (editable)
"This area is monitored via periodic camera snapshots for [INSERT PURPOSE]. [CONTROLLER NAME] is the data controller. The lawful basis is [INSERT BASIS]. Snapshots and related security metadata are retained for [INSERT PERIOD] or shorter where no longer necessary. Access is limited to authorized personnel. You may exercise your rights under GDPR (including access, erasure, objection, and restriction) by contacting [INSERT CONTACT]. You may also lodge a complaint with the competent supervisory authority."