FYI... this appears to be the requirement
Suilvision has compiled the following points to assist in ensuring your business has guidelines to meet the new GDPR Regulations.
All businesses will need to put a risk assessment in place to state the purpose of any ANPR Cameras on site, for example if you are placing cameras on your site to monitor vehicle movements for the purpose of security, access control, vehicle matching or statistical data gathering this will need to be recorded in your risk assessment. If you have installed an ANPR camera system to monitor employees vehicles you must inform the employee highlighting the requirement of the system.
the right to be informed
Signage must be visible to all persons on site stating that ANPR Cameras are in place. It should also state the purpose for the data being collected. It should also detail a contact number for anyone who requires additional details.
request for personal data
Anyone who has had their vehicle captured on ANPR has the right to request their personal data and to ask how their data is used by the company after it has been gathered. The company must provide a copy of the personal data, free of charge and in electronic format if requested. If other vehicles are visible in the image, image redaction should be provided i.e blur out the licence plate of the other vehicles in the image.
The Police may request data from your ANPR system to assist with their normal duties.
If the ANPR companies monitor systems they act as Data Processors under GDPR. “Clients of the ANPR company should have a contract in place which details what the ANPR company may do with the data; what security standards should be in place and what verification procedures may apply.” Any subcontractors working on your behalf, e.g Security companies or Engineers must follow this procedure.