Skip to content
LegalVision UK

How Should My Business in the UK Warn Individuals About CCTV Camera Usage?

Avatar photo

By Thomas Sutherland

Updated on
Reading time: 5 minutes

Meets editorial guidelines

This article meets our strict editorial principles. Our lawyers, experienced writers and legally trained editorial team put every effort into ensuring the information published on our website is accurate. We encourage you to seek independent legal advice. Learn more.

Follow us on LinkedIn
Table of Contents

Most UK business owners use CCTV systems to safeguard employees and protect company property and cash. However, some organisations fall foul of the General Data Protection Regulation (GDPR) rules regarding CCTV use. Unfortunately, GDPR violations can cost UK businesses large sums of money through fines by the Information Commissioner’s Office (ICO). This article will explore the best ways to notify individuals about security cameras, so your organisation can do so in a way that is likely to comply with the GDPR. Furthermore, doing so will help your business mitigate the risk of a hefty financial fine.

What is the GDPR?

The General Data Protection Regulation (GDPR) sets data protection rules for organisations in the UK. These rules include the safe use and handling of video footage and audio recordings, such as closed-circuit television. Any breach of these rules can result in a fine.

The GDPR requires every business operating CCTV technology in the UK to undertake a Data Protection Impact Assessment (DPIA). This type of risk assessment demonstrates that your business understands the privacy risks to individuals and is taking appropriate steps to mitigate them. A DPIA also records the reasons for the CCTV surveillance. If, for example, your retail store has recently suffered numerous item thefts, you can name crime prevention as your primary reason.

Overall, the GDPR places the following requirements on your business regarding its video cameras.

Proportionate Use

Your use of video surveillance must be proportionate. Thus, if you are only worried about vandalism to cars in your car park, your sole CCTV cameras should be in the car park.

Reasonable Expectations of Privacy

Your company must not use cameras in settings with a reasonable expectation of privacy. For example, your business must prove genuinely exceptional circumstances to safely use recording devices in a bathroom or changing room.

Transparency

Your business must be fully transparent about its use of CCTV cameras. Generally, you can achieve this through the effective use of warning signage.  

This last principle is the one we will explore in the most detail within this article.  

Who Are the ICO?

The ICO is an independent body with the power to investigate any potential violations of the GDPR or Data Protection Act. If the ICO believes a UK business has violated GDPR rules, it can award them a fine of up to £17.5m.

The ICO believes CCTV footage to be worthy of robust protection because misuse of CCTV systems can constitute a massive breach of privacy. So, for example, any company that uses its CCTV network to record staff having private conversations about management and then using that information to harass them would face a sizeable fine.

Because of this, the ICO expects all UK businesses to consider any measures short of CCTV first. However, it accepts that most UK organisations require CCTV for crime prevention reasons, so it looks to police its use instead.

Continue reading this article below the form
Need legal advice?
Call 0808 196 8584 for urgent assistance.
Otherwise, complete this form and we will contact you within one business day.

What Requirements Exist Regarding CCTV Warning Notices?

Whilst the GDPR does not set exact requirements for CCTV warning signs, the ICO has commented on this within its guidance and past decisions.

In general, the ICO will expect your business to take the following measures:

  • place CCTV signage near the cameras, particularly in public places;
  • ensure the CCTV warning signs use large font and stand out (usually through the use of capital letters and a prominent CCTV symbol);
  • place a telephone number on the sign for the CCTV operator, so an individual can ring the number to enquire about the purpose and use of CCTV; and
  • make sure the signs are at eye level as far as possible and not hidden behind obstacles.

Essentially, any CCTV sign that is not obvious and easy to spot is unlikely to receive much credit from the ICO.

Key Takeaways

The GDPR and ICO permit businesses to operate CCTV systems. However, such businesses must comply with data privacy when doing so. This means that your system is used fairly and with appropriate transparency. The transparency principle underpins the requirement to display appropriate CCTV warning signage. Additionally, your organisation will likely benefit from displaying warning signs because this is a partial deterrent against unlawful behaviour near the cameras.  

Due to the ability of the ICO to hand down fines of up to £17.5m for GDPR violations, including those related to CCTV systems, many business owners obtain expert legal advice.  

If you need help ensuring your CCTV system is GDPR compliant, our experienced Data, Privacy and IT lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 0808 196 8584 or visit our membership page.  

Frequently Asked Questions

How broad is the crime prevention justification for CCTV monitoring?

The ICO acknowledges that many UK businesses operate CCTV systems to discourage criminal activity inside or near their premises.

Are there any rules as to the type of CCTV cameras permitted?

No, the ICO treats CCTV recordings fairly equally regardless of resolution. However, the ICO will treat systems with facial recognition or audio recording as much more sensitive data (and worthy of additional protection).

Register for our free webinars

Preventing Employee Competitors: How to Protect Your Business

Online
Learn how to protect your business from employee competitors. Register for our free webinar today.
Register Now

Protecting and Enforcing Your Brand

Online
Protect your brand from misuse and infringement. Register for our free webinar.
Register Now

Deal Structures 101: Understanding Equity, ASAs and Convertible Notes

Online
As a startup founder, understand your capital raising options. Register for our free webinar today.
Register Now

Common Legal Pitfalls for SaaS and Online Businesses

Online
Protect your online or SaaS business from common legal pitfalls. Register for our free webinar.
Register Now
See more webinars >
Thomas Sutherland

Thomas Sutherland

Read all articles by Thomas

About LegalVision

LegalVision is an innovative commercial law firm that provides businesses with affordable, unlimited and ongoing legal assistance through our membership. We operate in Australia, the United Kingdom and New Zealand.

Learn more

Related articles

Does the ICO Make it Too Risky for My Company to Use CCTV in England? 

Does My Business in England Need a CCTV Policy?

How Can My UK Company Avoid Invasions of Privacy Through CCTV Cameras?

I Run a Yoga Studio in England.  Do I Need a CCTV Policy?

We’re an award-winning law firm

  • Award

    2024 Law Company of the Year Finalist - The Lawyer Awards

  • Award

    2024 Law Firm of the Year Finalist - Modern Law Private Client Awards

  • Award

    2023 Economic Innovator of the Year Finalist - The Spectator

  • Award

    2023 Law Company of the Year Finalist - The Lawyer Awards

  • Award

    2023 Future of Legal Services Innovation - Legal Innovation Awards