Skip to content
LegalVision UK

Legal Implications of Using CCTV in the Workplace in England

Avatar photo

By Thomas Sutherland

Updated on
Reading time: 5 minutes

Meets editorial guidelines

This article meets our strict editorial principles. Our lawyers, experienced writers and legally trained editorial team put every effort into ensuring the information published on our website is accurate. We encourage you to seek independent legal advice. Learn more.

Follow us on LinkedIn
Table of Contents

As a business owner, you must be aware of the need for good site security. Most business owners utilise CCTV systems to protect goods and items. The General Data Protection Regulations (GDPR) sets out essential legal implications for CCTV because CCTV footage constitutes personal data under GDPR. Failure to handle personal data can result in the Information Commissioner’s Office issuing a hefty fine. This article will explore legal requirements covering the use of CCTV to ensure your company uses it in a way that is likely to avoid ICO enforcement action.

Why Use CCTV?

Businesses in England use CCTV for a number of reasons, including because:

  1. it acts as a deterrent against crime or unlawful behaviour;
  2. good quality CCTV footage is potential evidence for any criminal or disciplinary proceedings; and
  3. it gives business owners peace of mind about what is happening in various parts of the premises at a particular time.

Whilst the advantages are apparent, there are legal implications for CCTV system use regarding data protection compliance.  Let us consider some fundamental data protection rules regarding CCTV usage.

Data Protection Impact Assessment

If you have a CCTV system, you should complete a Data Protection Impact Assessment (DPIA). A DPIA is a procedure that helps your business identify and minimise data protection-related risks when using a CCTV system.

Most DPIAs involve the following steps:

  1. a description of the nature, scope and purpose of the CCTV system;
  2. an assessment of the necessity and proportionality of the system, including the location of the cameras;
  3. identification of the risks to individuals, such as privacy-related hazards; and
  4. a summary of valuable measures to combat any threats identified (for example, not placing cameras within restrooms or any location with an expectation of privacy).

Any CCTV system operated without a prior DPIA t in place may breach the GDPR and risk a future fine by the ICO.

Continue reading this article below the form
Need legal advice?
Call 0808 196 8584 for urgent assistance.
Otherwise, complete this form and we will contact you within one business day.

Protection of CCTV Recordings

Your business is responsible for safeguarding CCTV recording data from unauthorised access or theft. CCTV video footage is particularly sensitive and confidential because it can provide detailed information about an individual’s location and movements.

Sensible Placement of CCTV Cameras

Given the sensitive nature of CCTV recordings, one of the legal implications of CCTV use means you can only install CCTV in sensible areas. For example, a room containing a cash safe or any locker room where staff leave their valuables. Similarly, any locations with a reasonable expectation of privacy, such as toilets and changing rooms, should not usually have cameras present.

Front page of publication
UK Startup Manual

LegalVision’s Startup Manual is essential reading material for any startup founder looking to launch and grow a successful startup.

Download Now

Avoid Keeping Data Longer Than Necessary

Many business owners fall into the trap of performing an initial DPIA, installing the cameras and thinking that is all that is necessary. However, the ICO requires companies in England to continuously review the placement and use of CCTV cameras.

So, for example, imagine installing a camera in a particular location to catch an individual stealing from employee lockers. The reason for that camera may lapse upon catching the thief and dismissing them.

Inform Staff of the Reasons for CCTV 

As CCTV constitutes a form of personal data under the GDPR, you should warn staff of the system before its installation. If staff join your organisation after the CCTV system is operational, inform them of it within their induction.

Your company must also inform staff why it requires the CCTV system, with some businesses choosing to do so within a written policy. The usual reasons relate to preventing crime or protecting company property from theft. It can also protect your staff and discourage violence in the workplace.

Finally, your business should also place CCTV warning signs within a reasonable distance of the cameras to remind staff and the public of their placement.

Key Takeaways

CCTV systems are vital to most companies in England. However, there are legal implications regarding using them in terms of data protection. For example, you must inform staff about their use and place them in sensible places. Following the legal rules about CCTV helps your organisation avoid the risk of a fine from the Information Commissioner’s Office.

If you need help ensuring the lawful use of a CCTV system, our experienced data, privacy and IT lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 0808 196 8584 or visit our membership page

Frequently Asked Questions

What is a Data Protection Impact Assessment)?

A Data Protection Impact Assessment (DPIA) aids your business in identifying and minimising data protection-related risks in terms of using your CCTV system.

Can my company use reasoning other than crime prevention to install CCTV?

Yes, some businesses in England install CCTV in public areas to protect staff and act as a deterrent against violence against employees.

Register for our free webinars

Selling a Business: Tips for a Successful Sale

Online
Selling your business? Learn essential tips to reduce risk and achieve a successful sale. Register for our free webinar today.
Register Now

How to Recover Unpaid Debts from Customers and Suppliers

Online
Struggling with unpaid debts? Discover your options. Register for our free webinar today.
Register Now

Preventing Employee Competitors: How to Protect Your Business

Online
Learn how to protect your business from employee competitors. Register for our free webinar today.
Register Now

Protecting and Enforcing Your Brand

Online
Protect your brand from misuse and infringement. Register for our free webinar.
Register Now
See more webinars >
Thomas Sutherland

Thomas Sutherland

Read all articles by Thomas

About LegalVision

LegalVision is an innovative commercial law firm that provides businesses with affordable, unlimited and ongoing legal assistance through our membership. We operate in Australia, the United Kingdom and New Zealand.

Learn more

Related articles

Does My Business in England Need a CCTV Policy?

Does the ICO Make it Too Risky for My Company to Use CCTV in England? 

I Run a Yoga Studio in England.  Do I Need a CCTV Policy?

What Data Protection Rules Apply to CCTV Within Your Workplace in England

We’re an award-winning law firm

  • Award

    2024 Law Company of the Year Finalist - The Lawyer Awards

  • Award

    2024 Law Firm of the Year Finalist - Modern Law Private Client Awards

  • Award

    2023 Economic Innovator of the Year Finalist - The Spectator

  • Award

    2023 Law Company of the Year Finalist - The Lawyer Awards

  • Award

    2023 Future of Legal Services Innovation - Legal Innovation Awards