Skip to content

Does My Business in England Need a CCTV Policy?

Table of Contents

Most businesses use Closed Circuit Television systems (CCTV) on their premises to record crime, prevent theft or ensure staff safety. As CCTV footage contains personal data, your business must be aware of its obligations to manage that data. The General Data Protection Regulation (GDPR) restricts the use of CCTV in specific ways. Having a CCTV policy in place can help your business demonstrate its intention to comply with data protection rules. This article will explore the advantages of having a CCTV system on your premises, the data protection rules you must comply with and why you must have an effective CCTV policy in place. 

Usefulness of CCTV for My Business

CCTV is used to carry out video surveillance in certain parts of your premises. For example, if you have a safe containing cash or a warehouse filled with expensive goods, CCTV cameras can deter thieves and help protect these items. This is particularly true if you place your cameras near prominently displayed CCTV warning signs. Furthermore, you can use CCTV footage as evidence in a disciplinary or criminal process.  

Data Protection Requirements

The GDPR governs the processing and use of CCTV information. Every time your organisation stores video data, it must comply with data protection laws. The GDPR classifies CCTV footage as ‘personal data‘ and limits how you use it on your premises. Your business should therefore ensure it:

  • securely stores all CCTV video recordings;
  • carries out a data protection impact assessment before using a CCTV system;
  • only holds the CCTV video data for as long as necessary; and
  • gives adequate warning of the CCTV system, such as appropriate signage near the cameras. 

The data protection rules also restrict the purpose of your CCTV recordings. Your business should only use CCTV if you can explain the benefits of doing so. Acceptable benefits of CCTV use include: 

  • crime prevention;
  • safeguarding business property; or 
  • protecting sensitive information.   

For example, you can place CCTV in a room holding valuable IT equipment or your IT mainframe without breaching GDPR requirements.

Continue reading this article below the form
Need legal advice?
Call 0808 196 8584 for urgent assistance.
Otherwise, complete this form and we will contact you within one business day.

Implementing a CCTV Policy

A CCTV Policy is a document describing the reasons for your CCTV system and explaining your business will use the recorded data. A CCTV policy should cover the following points:

  • confirm that all information recorded on CCTV will be stored securely and kept only as long as necessary;
  • establish the exact purpose of having the CCTV system;
  • state the areas covered by CCTV;
  • explain that appropriate signage has been placed around the premises reminding individuals of the CCTV cameras;
  • confirm that you will give staff advance notice before adding further CCTV cameras; and
  • provide contact details for the data controller (the individual in charge of the information on behalf of your business).

A well-drafted CCTV policy indicates your business’s intention to comply with GDPR rules. This is essential in case the Information Commissioner’s Office (ICO) investigates your business.

The ICO is the independent body responsible for enforcing data protection rules in England. They can issue hefty fines to organisations not complying with the GDPR. Many penalties are in the region of thousands (or tens of thousands) of pounds, so you should be proactive regarding GDPR requirements. By implementing a CCTV policy, your business can ensure that your CCTV use is GDPR-compliant and avoid fines.

Displaying CCTV Warning Signs

Data protection rules in England (and human rights laws) do not support businesses secretly surveilling individuals. Therefore, you should avoid covert monitoring and give prior warning of any CCTV system.

As one of the main reasons for a CCTV system is to deter criminal or improper behaviour, the CCTV signage can be almost as effective as the cameras themselves.

However, your business may be able to carry out covert surveillance where it genuinely suspects serious criminal activity in the workplace. For example, if you strongly believe that a staff member is selling drugs from their locker in the staff room, you may be justified in placing a hidden camera facing their locker. Once that suspicion has been proven true or false, you should remove the hidden camera immediately.  

Key Takeaways

Businesses can benefit from using CCTV systems on their premises to deter improper or criminal behaviour and to have evidence in a criminal case. However, if your business chooses to use CCTV, you must have a strong CCTV policy and inform staff beforehand. Following the rules of a well-drafted CCTV policy can help your organisation defend any future ICO investigation into CCTV system misuse. 

If you need assistance with your rights and obligations regarding CCTV systems and CCTV policies, our experienced Data, Privacy and IT lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 0808 196 8584 or visit our membership page.

Frequently Asked Questions

What else should my business consider when weighing up the use of a surveillance system?

Your business should consider the quality of the cameras. There is no point in having a solid CCTV policy and good camera location if the cameras have low image quality. Ideally, you should  purchase a system that enables you to identify individuals’ faces.

What other legitimate interests exist for having a CCTV system other than theft?

Other legitimate uses of surveillance cameras include monitoring hazardous equipment or helping safeguard a food production line against contamination.

Register for our free webinars

Deal Structures 101: Understanding Equity, ASAs and Convertible Notes

Online
As a startup founder, understand your capital raising options. Register for our free webinar today.
Register Now

Common Legal Pitfalls for SaaS and Online Businesses

Online
Protect your online or SaaS business from common legal pitfalls. Register for our free webinar.
Register Now

GDPR Compliance Essentials for SMEs

Online
Ensure our business is compliant with GDPR and build trust with customers. Register for our free webinar.
Register Now
See more webinars >
Thomas Sutherland

Thomas Sutherland

Read all articles by Thomas

About LegalVision

LegalVision is an innovative commercial law firm that provides businesses with affordable, unlimited and ongoing legal assistance through our membership. We operate in Australia, the United Kingdom and New Zealand.

Learn more

We’re an award-winning law firm

  • Award

    2024 Law Company of the Year Finalist - The Lawyer Awards

  • Award

    2024 Law Firm of the Year Finalist - Modern Law Private Client Awards

  • Award

    2023 Economic Innovator of the Year Finalist - The Spectator

  • Award

    2023 Law Company of the Year Finalist - The Lawyer Awards

  • Award

    2023 Future of Legal Services Innovation - Legal Innovation Awards