Skip to content

Is Audio Recording Permitted Within My Company’s Premises in the UK?

Table of Contents

As a business owner, you know the importance of ensuring good security at your work premises.  Many businesses in the UK use CCTV systems for security purposes to protect their staff, money and company property.  However, there is an increasing trend toward using audio recording alongside CCTV video cameras for added security.

This article will explore the circumstances in which your organisation can safely use audio recording technology in the workplace in full compliance with the General Data Protection Regulation (GDPR).  This should help your company avoid the risk of a hefty fine from the Information Commissioner’s Office (ICO) for GDPR violations.

The General Data Protection Regulation 

The GDPR is data protection legislation that applies to UK organisations. Its primary purpose is to ensure that all identifying information (known as ‘personal data’) is processed and handled sensibly and securely.

The GDPR uses a broad definition of ‘personal data’. This definition includes;

  • phone numbers;
  • biometric data;
  • photographs;
  • email addresses;
  • CCTV footage; and 
  • audio recordings.

The Information Commissioner’s Office

The ICO exists to investigate alleged breaches of the GDPR. If the ICO concludes that an organisation has committed a GDPR violation, it will consider imposing a fine of up to £17.5m. The ICO has made numerous headlines over hefty financial penalties in the millions of pounds and is not shy of issuing these.

Naturally, most UK businesses will do their utmost to avoid a fine.

Front page of publication
UK Startup Manual

LegalVision’s Startup Manual is essential reading material for any startup founder looking to launch and grow a successful startup.

Download Now
Continue reading this article below the form
Need legal advice?
Call 0808 196 8584 for urgent assistance.
Otherwise, complete this form and we will contact you within one business day.

How Can My Company Safely Use Audio Recordings in the UK?

The majority of UK businesses use CCTV systems on their premises, and modern CCTV systems tend to include audio recording.

There are two main types of audio recording systems within UK companies:

  1. a CCTV system with audio recording built into the camera network; and
  2. a discreet audio recording device absent visual cameras.

Audio recordings mean you can have better control over your premises. However, they are classed as personal data as you can use a person’s voice to identify them, which is voice data. Additionally, the conversation itself could contain information confidential to that data subject and involve details they would not wish others to hear. 

CCTV systems utilising audio data are high risk compared to visual-only CCTV footage and contain sensitive data. This is because they record more information than an image-only device and risk breaching an individual’s right to privacy. Therefore, your organisation must ensure audio recordings comply with the GDPR by taking the following steps::

  1. carry out a Data Protection Impact Assessment (DPIA);
  2. inform individuals of audio recording devices;
  3. delete audio recordings when no longer necessary; and
  4. ensure robust and secure storage of audio data.

These steps are detailed below.

1. Data Protection Impact Assessment 

A DPIA is a review aiming to help your company identify data protection risks, including potential GDPR and Data Protection Act breaches.

In relation to audio recordings, a DPIA should consider the following:

  1. whether audio recordings are essential for your business;
  2. the lawful basis and legitimate interests justifying the audio recording devices;
  3. what risks the audio recordings pose to individuals and steps taken to minimise these; and
  4. the scope and size of the audio recording network.

Audio recordings are only likely to be considered necessary if they serve a fundamental and essential purpose.  Many businesses state that the primary purpose of audio recording is to assist in crime prevention. However, this will only be lawful if the devices are outside areas with a reasonable expectation of privacy, such as a bathroom.

The risk to individuals from an audio recording is wider than a visual-only CCTV system. It could give a business access to innocent and private conversations between staff members.  

The ICO believes that businesses should only use audio recordings in areas where they may aid the prevention of crime and not, for example, in a staff room to pick up workplace gossip.

2. Audio Recording Notification

Your business should ensure that it notifies staff of audio recording devices within a reasonable distance of each device. A warning sign similar to CCTV warning signs is usually sufficient.

Some organisations also publish a written policy warning of audio recordings within the premises. Most of these policies will confirm where the audio recording devices are and are not.

3. Deletion of Audio Recording Data

One of the main principles of the GDPR is to delete data when no longer necessary. In this way, your company will likely have no lawful reason for keeping audio recordings from three years ago unless they form part of an active disciplinary investigation (or similar).

The ICO is particularly keen on deleting audio data, given the vast amount of information within any audio recording and the chance of picking up private conversations.

4. Secure Storage of Audio Recordings

Given the high level of detail and risk of capturing private information by audio recording devices, the ICO is keen for all data to be securely stored.  

If your business fails to take active security measures such as password protection and encrypting audio data, the ICO will consider the imposition of a hefty fine.

Key Takeaways

Your business must follow GDPR rules when handling personal data that could identify a person. Audio recordings contain an individual’s voice and discussion of verbal information, whether through a listening device or a CCTV camera. Any violation of GDPR rules regarding audio recordings threatens a hefty fine of up to £17.5m from the ICO. Therefore, your business needs to be transparent about audio recording monitoring systems.

If you need help using audio recording technology legally, our experienced Data, Privacy and IT lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 0808 196 8584 or visit our membership page.  

Frequently Asked Questions

Why are audio recordings treated as personal information?

This is because you can use a person’s voice (known as voice data) to identify them, and the conversation could contain confidential information about that data subject.

Why are audio recordings treated as sensitive data?

CCTV systems utilising audio data are high risk and contain sensitive data as they record more information than an image-only device and risk breaching an individual’s right to privacy

Register for our free webinars

Protecting and Enforcing Your Brand

Online
Protect your brand from misuse and infringement. Register for our free webinar.
Register Now

Deal Structures 101: Understanding Equity, ASAs and Convertible Notes

Online
As a startup founder, understand your capital raising options. Register for our free webinar today.
Register Now

Common Legal Pitfalls for SaaS and Online Businesses

Online
Protect your online or SaaS business from common legal pitfalls. Register for our free webinar.
Register Now

GDPR Compliance Essentials for SMEs

Online
Ensure our business is compliant with GDPR and build trust with customers. Register for our free webinar.
Register Now
See more webinars >
Thomas Sutherland

Thomas Sutherland

Read all articles by Thomas

About LegalVision

LegalVision is an innovative commercial law firm that provides businesses with affordable, unlimited and ongoing legal assistance through our membership. We operate in Australia, the United Kingdom and New Zealand.

Learn more

We’re an award-winning law firm

  • Award

    2024 Law Company of the Year Finalist - The Lawyer Awards

  • Award

    2024 Law Firm of the Year Finalist - Modern Law Private Client Awards

  • Award

    2023 Economic Innovator of the Year Finalist - The Spectator

  • Award

    2023 Law Company of the Year Finalist - The Lawyer Awards

  • Award

    2023 Future of Legal Services Innovation - Legal Innovation Awards