What's the maximum video retention allowed under GDPR?

GDPR doesn't specify a maximum, but the principle of data minimization suggests you should not keep footage longer than necessary. Most EU organizations use 7-30 days for public areas. Banks and public security may use longer periods with business justification. Italy's Garante requires max 7 days for most cases, max 24 hours for banking.

Can I place cameras in employee areas under GDPR?

Yes, but only if there's a legitimate business purpose (security, loss prevention). You cannot monitor restrooms, changing rooms, or medical facilities. Employees must be informed via signage and privacy policies. Retention should be minimal (7-14 days for most cases).

How does HIPAA affect security camera design?

HIPAA requires: (1) no cameras in patient care areas, restrooms, or private spaces; (2) secure network isolation if cameras access patient networks; (3) audit logs for all access to video; (4) minimum 6-year retention for evidence; (5) encryption of stored and transmitted video if it contains PHI.

COMPLIANCE · CCTVPLANNER

Design Security Systems with Regulatory Validation

Validate your security designs against GDPR, HIPAA, PCI-DSS, NDAA, and regional compliance requirements. Automatic checking of camera placement, retention policies, equipment restrictions, and network architecture.

SIX CAPABILITIES · COMPLIANCE FIRST

Complete Compliance Validation

Multi-Region Standards

Support for GDPR (EU), HIPAA (US Healthcare), PCI-DSS (Payment Systems), ISO 27001, and industry-specific regulations.

Data Retention Validation

Automatic checking of video retention periods against regulatory minimums and maximums. Alert when retention violates compliance.

Camera Restrictions

Validate camera placement against privacy laws: no restrooms, changing rooms, medical procedures. Different rules per region.

Network Architecture

Ensure VLAN segmentation, firewall rules, and network isolation meet compliance requirements for data protection and access control.

Equipment Restrictions

Validate that equipment (cameras, NVRs) meets NDAA, sanctions, and government procurement restrictions by region.

Audit & Documentation

Generate compliance reports, equipment certifications, and design documentation for audits and client presentations.

SUPPORTED FRAMEWORKS

Compliance Standards We Support

GDPR (EU)

General Data Protection Regulation: video retention, consent, right to privacy. Max retention 30 days for most cases.

HIPAA (US)

Healthcare compliance: secure camera placement, network isolation, audit trails, and 6-year minimum retention for PHI.

PCI-DSS (Payment)

Payment Card Security: camera coverage of payment terminals, 1-year retention, quarterly compliance checks.

ISO 27001

Information Security: risk assessment, access controls, network segmentation, and incident response documentation.

NDAA Compliance

US Government: equipment restrictions on Huawei, ZTE, and other sanctioned manufacturers for federal projects.

Industry-Specific

Education, Transportation, Finance, Healthcare, Government: unique requirements per vertical and jurisdiction.

Start Designing Compliant Security Systems

Select your region and compliance requirements. Get real-time validation as you design. Generate compliance reports for audits and client presentations.