Evercam’s GDPR Commitment

At Evercam, we are committed to safeguarding the privacy and data protection rights of individuals, including those within the European Union (EU). The General Data Protection Regulation (GDPR) represents a significant advancement in data protection laws, and Evercam is dedicated to ensuring that our products and services are fully compliant with GDPR requirements.

Understanding data privacy requires familiarity with certain terms:

Data Subject: An individual whose personal data has been collected.
Data Processing: The operations performed on personal data, whether automated or manual.
Data Controller: The entity that determines the purposes and means of processing personal data.
Data Processor: The entity that processes personal data on behalf of the Data Controller.

In simple terms, Evercam is the Data Processor and our Clients are the Data Controllers

Compliance in Practice

As a Data Processor, Evercam diligently adheres to the key principles of the GDPR in the following ways:

  1. Lawfulness, Fairness, and Transparency: A clear signage is placed on site to inform about the video capturing system in place.
  2. Purpose Limitation: Data is captured for legitimate interests such as Health & Safety and Project Management/Fraud Detection.
  3. Data Minimisation: Field of view is focused on capturing the construction progress. Privacy Shields are applied to areas not related to construction activities. 
  4. Storage Limitation: We store footage for typically 3 years due to construction liability periods. However, we follow our clients instructions on retention periods. 
  5. Integrity and Confidentiality: Access rights are restricted. Evercam acts only on written instructions.
  6. Accountability: We keep records of what data we have and where it is stored.


GDPR permits data capture for legitimate purposes. Health & Safety and Project Management (including Fraud Detection) are generally considered legitimate purposes. However, it is the responsibility of the Client (Data Controller) to determine the legitimacy of these purposes.

Legitimate interests can supersede the requirement for individual consent. However, Evercam recommends that it is also covered as part of the site induction process.

They are unaware of their responsibilities as data controller

No, our camera systems are not intended for individual performance management.

Absolutely. Evercam is fully compliant with theGeneral Data Protection Regulation (GDPR). Despite the regulation’s novelty and the ongoing development of formal certification processes, we have ensured that our practices align with GDPR’s requirements.

Generally, these cases have two things in common: the companies either broke or ignored one or more of the GDPR principles, and they did not engage countries with relevant the national data authority.

GDPR governs the entire EU but there may be local legislation that relates to notifying other parties, such as employee representative bodies.

Data privacy legislation is becoming increasingly common. 137 out of 194 countries have some form of data protection legislation.

At Evercam, we are committed to adhering to these roles and complying with GDPR requirements, ensuring that our client’s data is securely handled and their rights are respected throughout the process. We strive to keep our Clients informed about the latest developments relating to the intersection between reality capture and data privacy.

It is important for the Data Controller and Data Processor to clearly understand their roles to ensure the protection of personal data. Misunderstanding or blurring these roles could lead to non-compliance with GDPR, resulting in severe penalties.

Our goal is to build trust between businesses and individuals, fostering a data environment that respects privacy and promotes transparency. Learn more about our commitment to data privacy and join our mailing list for updates.