Table of Contents
Most businesses use Closed Circuit Television systems (CCTV) on their premises to record crime, prevent theft or ensure staff safety. As CCTV footage contains personal data, your business must be aware of its obligations to manage that data. The General Data Protection Regulation (GDPR) restricts the use of CCTV in specific ways. Having a CCTV policy in place can help your business demonstrate its intention to comply with data protection rules. This article will explore the advantages of having a CCTV system on your premises, the data protection rules you must comply with and why you must have an effective CCTV policy in place.
Usefulness of CCTV for My Business
CCTV is used to carry out video surveillance in certain parts of your premises. For example, if you have a safe containing cash or a warehouse filled with expensive goods, CCTV cameras can deter thieves and help protect these items. This is particularly true if you place your cameras near prominently displayed CCTV warning signs. Furthermore, you can use CCTV footage as evidence in a disciplinary or criminal process.
Data Protection Requirements
The GDPR governs the processing and use of CCTV information. Every time your organisation stores video data, it must comply with data protection laws. The GDPR classifies CCTV footage as ‘personal data‘ and limits how you use it on your premises. Your business should therefore ensure it:
- securely stores all CCTV video recordings;
- carries out a data protection impact assessment before using a CCTV system;
- only holds the CCTV video data for as long as necessary; and
- gives adequate warning of the CCTV system, such as appropriate signage near the cameras.
The data protection rules also restrict the purpose of your CCTV recordings. Your business should only use CCTV if you can explain the benefits of doing so. Acceptable benefits of CCTV use include:
- crime prevention;
- safeguarding business property; or
- protecting sensitive information.
For example, you can place CCTV in a room holding valuable IT equipment or your IT mainframe without breaching GDPR requirements.
Continue reading this article below the formCall 0808 196 8584 for urgent assistance.
Otherwise, complete this form and we will contact you within one business day.
Implementing a CCTV Policy
A CCTV Policy is a document describing the reasons for your CCTV system and explaining your business will use the recorded data. A CCTV policy should cover the following points:
- confirm that all information recorded on CCTV will be stored securely and kept only as long as necessary;
- establish the exact purpose of having the CCTV system;
- state the areas covered by CCTV;
- explain that appropriate signage has been placed around the premises reminding individuals of the CCTV cameras;
- confirm that you will give staff advance notice before adding further CCTV cameras; and
- provide contact details for the data controller (the individual in charge of the information on behalf of your business).
The ICO is the independent body responsible for enforcing data protection rules in England. They can issue hefty fines to organisations not complying with the GDPR. Many penalties are in the region of thousands (or tens of thousands) of pounds, so you should be proactive regarding GDPR requirements. By implementing a CCTV policy, your business can ensure that your CCTV use is GDPR-compliant and avoid fines.
Displaying CCTV Warning Signs
Data protection rules in England (and human rights laws) do not support businesses secretly surveilling individuals. Therefore, you should avoid covert monitoring and give prior warning of any CCTV system.
However, your business may be able to carry out covert surveillance where it genuinely suspects serious criminal activity in the workplace. For example, if you strongly believe that a staff member is selling drugs from their locker in the staff room, you may be justified in placing a hidden camera facing their locker. Once that suspicion has been proven true or false, you should remove the hidden camera immediately.
Key Takeaways
Businesses can benefit from using CCTV systems on their premises to deter improper or criminal behaviour and to have evidence in a criminal case. However, if your business chooses to use CCTV, you must have a strong CCTV policy and inform staff beforehand. Following the rules of a well-drafted CCTV policy can help your organisation defend any future ICO investigation into CCTV system misuse.
If you need assistance with your rights and obligations regarding CCTV systems and CCTV policies, our experienced Data, Privacy and IT lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 0808 196 8584 or visit our membership page.
Frequently Asked Questions
Your business should consider the quality of the cameras. There is no point in having a solid CCTV policy and good camera location if the cameras have low image quality. Ideally, you should purchase a system that enables you to identify individuals’ faces.
Other legitimate uses of surveillance cameras include monitoring hazardous equipment or helping safeguard a food production line against contamination.
We appreciate your feedback – your submission has been successfully received.