Table of Contents
As a business owner, you must be aware of the need for good site security. Most business owners utilise CCTV systems to protect goods and items. The General Data Protection Regulations (GDPR) sets out essential legal implications for CCTV because CCTV footage constitutes personal data under GDPR. Failure to handle personal data can result in the Information Commissioner’s Office issuing a hefty fine. This article will explore legal requirements covering the use of CCTV to ensure your company uses it in a way that is likely to avoid ICO enforcement action.
Why Use CCTV?
Businesses in England use CCTV for a number of reasons, including because:
- it acts as a deterrent against crime or unlawful behaviour;
- good quality CCTV footage is potential evidence for any criminal or disciplinary proceedings; and
- it gives business owners peace of mind about what is happening in various parts of the premises at a particular time.
Whilst the advantages are apparent, there are legal implications for CCTV system use regarding data protection compliance. Let us consider some fundamental data protection rules regarding CCTV usage.
Data Protection Impact Assessment
If you have a CCTV system, you should complete a Data Protection Impact Assessment (DPIA). A DPIA is a procedure that helps your business identify and minimise data protection-related risks when using a CCTV system.
Most DPIAs involve the following steps:
- a description of the nature, scope and purpose of the CCTV system;
- an assessment of the necessity and proportionality of the system, including the location of the cameras;
- identification of the risks to individuals, such as privacy-related hazards; and
- a summary of valuable measures to combat any threats identified (for example, not placing cameras within restrooms or any location with an expectation of privacy).
Any CCTV system operated without a prior DPIA t in place may breach the GDPR and risk a future fine by the ICO.
Continue reading this article below the formCall 0808 196 8584 for urgent assistance.
Otherwise, complete this form and we will contact you within one business day.
Protection of CCTV Recordings
Your business is responsible for safeguarding CCTV recording data from unauthorised access or theft. CCTV video footage is particularly sensitive and confidential because it can provide detailed information about an individual’s location and movements.
Sensible Placement of CCTV Cameras
Given the sensitive nature of CCTV recordings, one of the legal implications of CCTV use means you can only install CCTV in sensible areas. For example, a room containing a cash safe or any locker room where staff leave their valuables. Similarly, any locations with a reasonable expectation of privacy, such as toilets and changing rooms, should not usually have cameras present.
LegalVision’s Startup Manual is essential reading material for any startup founder looking to launch and grow a successful startup.
Avoid Keeping Data Longer Than Necessary
Many business owners fall into the trap of performing an initial DPIA, installing the cameras and thinking that is all that is necessary. However, the ICO requires companies in England to continuously review the placement and use of CCTV cameras.
So, for example, imagine installing a camera in a particular location to catch an individual stealing from employee lockers. The reason for that camera may lapse upon catching the thief and dismissing them.
Inform Staff of the Reasons for CCTV
As CCTV constitutes a form of personal data under the GDPR, you should warn staff of the system before its installation. If staff join your organisation after the CCTV system is operational, inform them of it within their induction.
Your company must also inform staff why it requires the CCTV system, with some businesses choosing to do so within a written policy. The usual reasons relate to preventing crime or protecting company property from theft. It can also protect your staff and discourage violence in the workplace.
Finally, your business should also place CCTV warning signs within a reasonable distance of the cameras to remind staff and the public of their placement.
Key Takeaways
CCTV systems are vital to most companies in England. However, there are legal implications regarding using them in terms of data protection. For example, you must inform staff about their use and place them in sensible places. Following the legal rules about CCTV helps your organisation avoid the risk of a fine from the Information Commissioner’s Office.
If you need help ensuring the lawful use of a CCTV system, our experienced data, privacy and IT lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 0808 196 8584 or visit our membership page.
Frequently Asked Questions
A Data Protection Impact Assessment (DPIA) aids your business in identifying and minimising data protection-related risks in terms of using your CCTV system.
Yes, some businesses in England install CCTV in public areas to protect staff and act as a deterrent against violence against employees.
We appreciate your feedback – your submission has been successfully received.