All Posts

    CCTV cameras. They’ve quickly become one of the most integral security solutions for home and business owners the world over.

    In fact, there are an estimated five million security cameras watching over the UK alone according to the British Security Industry Association (BSIA), with an expected one camera for every 14 people - the highest number in Europe.

    But, where any filming is taking place, there is a reasonable expectation for the privacy of those caught on camera. That’s not to say video surveillance of the unknowing public is outlawed entirely; it simply means guidelines must be enforced to protect personal data.

    Jump To

    Whether in a home or commercial setting, as the owner of a CCTV system it’s your responsibility to legally manage surveillance footage and any personal information that your system records - and this can be a daunting task.

    This blog will offer a 101 guide to CCTV law in the home and business environment. We’ll walk you through the considerations needed to ensure your surveillance system is above-board and legally compliant.

    Free CCTV camera for schools, colleges and universities

    What is CCTV Law?

    In the UK, the guidelines for private CCTV surveillance usage fall under the jurisdiction of the Information Commissioner’s Office (ICO)

    It’s their mission to ensure that CCTV cameras across the nation comply with two key personal data protection laws: The General Data Protection Regulation (GDPR) and the Data Protection Act (DPA).

    Video footage of individuals counts as personal data - that’s the bottom line. Recording this data is simply unavoidable for any CCTV system in a public setting. For this reason, The DPA and GDPR apply to every single camera that captures footage in a public space or outside of a private residential boundary. 

    These laws are designed to ensure CCTV systems are used responsibly, and with the protection of personal data and adequate respect for privacy in mind. They also give individuals the right to see the information that’s stored about them, whether that be private documentation or indeed video surveillance footage.

    Under data protection law, CCTV footage must be:

    • Processed fairly and lawfully
    • Recorded for specific, outlined purposes
    • Accurate and up to date 
    • Kept for no longer than necessary
    • Secured against accidental loss, destruction or damage
    • Processed in line with the rights of the individual

    Failure to comply with the above data protection regulations may result in enforced action from the ICO, which potentially includes fines or legal proceedings by affected individuals. In short, you need to take care to ensure your system meets GDPR compliance and data standards.

    HubSpot Video

    Is it Legal to use CCTV at Home?

    Not all residential CCTV systems need to comply with GDPR and DPA regulation. These laws typically don’t apply to video surveillance systems that only cover the homeowners’ property.

    As long as the camera records footage within the boundary of your property - including front porches and back gardens - your system will be legally above-board and compliant with relevant data protection laws.

    However, when the cameras are in a position to record images beyond the user’s boundary such as a neighbour’s garden, public footpaths or the street outside, the DPA and GDPR laws will apply. For example, if you have a camera which slightly captures another person’s private property, they may have sufficient grounds to make a privacy violation claim against you.

    This doesn’t necessarily mean you’re breaking the law, it simply means that you’ve become a data controller, so must comply with the legal requirements to protect that person and their privacy.

    Though, any residential CCTV camera that captures images beyond your own property  should be justifiable. Off-the-cuff public surveillance spying isn’t permitted by UK law and if questioned by the ICO, you’ll need to have a well-founded, legally-sound reason for doing this.


    How can I use Home CCTV Responsibly?

    Installing a CCTV camera on your property can cause tension with your neighbours, so it’s generally recommended that you inform them of your surveillance plans before having the system installed - though it’s equally important to understand your own rights.

    A neighbour, visitor or member of the public has no right to prevent you from installing a CCTV system or video recording device on your property, unless they can clearly evidence that their own privacy will be breached or intruded upon.

    To make it easier to understand and adhere to the data protection laws, the ICO has outlined a consideration checklist  for responsible CCTV use. Before installing a system on your property, you should ask yourself:

    • Do I really need CCTV to protect my property?
    • What areas do I want to monitor and why?
    • Will my cameras intrude on neighbours’ property or any shared, public space?
    • Is there a justifiable reason to film outside of the property boundary?
    • Do I need to record the images, or will a live feed suffice?
    • Have I informed my neighbours of CCTV usage and considered their response?

    CCTV systems are an excellent deterrent against trespassing and antisocial behaviour, and usually, adherence to the law simply comes down to camera positioning. As we’ve mentioned, with home CCTV law, it’s generally a case of striking a balance between property surveillance and respect for the privacy of those surrounding your home. 

    Through a professional installation, you’ll be better positioned to understand how cameras may be placed to offer full monitoring and coverage of your property, without encroaching on neighbours or the public. This keeps your home both physically and legally secured. 


    What are the Laws for using CCTV in a Business?

    Unlike residential CCTV systems, video surveillance in a business or commercial setting must always comply with the outlined GDPR and DPA laws.

    Whether being used to record members of the public in a retail store or members of staff in an office block, people’s private data is usually at stake in the work setting - and there’s a reasonable expectation for privacy, confidentiality and camera identification.

    As a rule, one nominated individual within the company should be responsible for storage, video reviews, maintenance and protection of your surveillance footage. Video footage of the public still counts as private data, so care must be taken to make sure it is protected from unauthorised access or unexplained loss. 

    While using CCTV in a commercial environment is generally an advised means of securing your place of work, failure to consider the GDPR basics will present glaring pitfalls for your business. Employers looking to install any kind of video surveillance system in their building must adhere to the following under UK law:
    1. Register as a data controller and notify the ICO with an outlined purpose for CCTV surveillance in the workplace.
    3. Notify employees  that they’re being recorded through clear and visible signs in areas where surveillance is active. Signage should define: who is responsible for the video monitoring, why it’s being recorded and how individuals can access their footage. 
    5. Ensure cameras are not installed in private areas of the building where there is an adequate expectation of privacy, like toilets or changing rooms. Failure to comply with this is a blatant breach of the Voyeurism Act 2019.
    7. If an individual asks to see the recorded footage featuring them - be this customer or member of staff - businesses must comply with this request. This does not apply to footage that doesn’t feature the individual. 
    9. Footage retention times are clearly outlined and identifiable. By law, video data should be kept no longer than absolutely necessary for use in legal proceedings, insurance claims or any other authorised, ICO-approved purpose. Irrelevant data should be regularly checked and cleared out. 


    What are the Consequences of Breaking CCTV Law?

    The Data Protection Act and General Data Protection Regulations are taken incredibly seriously by the ICO and a breach of these laws could result in fines of up to £500,000, or in some instances, criminal charges. 

    In addition to legal punishment, breaching data privacy laws can also have a lasting damaging impact on a business’ relationship with its staff and customers. If recording equipment is installed without notifying members of staff, this could lead to significant HR teething problems and reduced employee trust. 

    Similarly, a lack of adequate signing around monitoring zones may also tarnish the reputation of a business amongst customers and visitors. Essentially, it’s crucial that wherever CCTV is in use, this is recognised, displayed and identifiable. Covert surveillance is generally seen as spying and simply doesn’t align with fair data protection practice.

    If the nature of your video monitoring is naturally intrusive or placed in areas where there is a reasonable expectation of privacy like a bathroom or changing room, you are infringing on the natural rights of your employees - opening up the scope for even further legal action. In this scenario, they’ll be able to take you to court under the Human Rights Act 1998, Data Protection Act or even the Voyeurism Act to name but a few.

    Final Thoughts

    As CCTV surveillance systems become commonplace in our home setting, it’s easy to underestimate the importance of sound data protection practice - but this can be a costly, regrettable afterthought. 

    Effective CCTV positioning is JUST as important as proper usage. If your CCTV cameras are infringing on private property, you’re making yourself vulnerable to legal claims and potential privacy violations from those bordering your premises.

    If you care about the security of your home or workplace, and equally want the peace of mind that your system adheres to the relevant data law, our CCTV experts are here to help.  

    At Chris Lewis we specialise in fully operational and GDPR-primed CCTV system installations. Our team is fully trained in the latest CCTV technology and data regulation practice, and perfectly aligned to support the maintenance, upgrade, extension or rejuvenation of your CCTV system.

    Don’t get caught out...Get in touch with our security experts today.

    Submit the below form and we will get back to you very shortly.

    Luke Lewis-Rippington
    I run our sales, technical design and marketing initiatives for the business. I work closely with manufacturers and trade associations to keep abreast with the latest technology and regulations making sure our clients are getting the very best and latest systems available.