Get A Free Survey

Call us directly

Monday to Friday from 8am to 5pm

0800 043 6728 Call Now

Request a callback

One of our representatives will reach out to you

    Send us your enquiry

    Our professionals will we get back at you

      Call Us Request a Callback Callback

      14/07/2023

      Legal and Privacy Considerations for CCTV Camera Placement in the Workplace

      CCTV (Closed-Circuit Television) has many benefits to businesses of all sizes, including crime prevention and deterrence, remote monitoring, employee safety and much more. However, the use of this technology comes with several regulations and guidelines to protect the privacy and rights of individuals. Make sure you’re up to date with all relevant information before you make the decision to go ahead with an installation.   

      Navigating Commercial CCTV Legal Requirements for Effective Surveillance  

      Before going ahead with installation, businesses must have a legitimate reason for using CCTV, such as crime prevention, public safety, or safeguarding property. The purpose for using CCTV should be documented and communicated to individuals as part of the data protection obligations.  

       Any use of CCTV should be proportional to the intended purpose. Businesses should avoid excessive monitoring and ensure that the scope of the CCTV system aligns with the identified risks and objectives.  

       The Data Protection Act 2018 (DPA) and General Data Protection Regulation (GDPR) state that businesses must process personal data obtained through CCTV systems lawfully and fairly. This includes obtaining consent where necessary, clearly informing individuals about the purpose of the CCTV system and ensuring the security and confidentiality of the recorded data.  

       You must register your details with the ICO and pay a data protection fee of £40 or £60 a year. Exemptions may apply, contact ICO by going to ico.org.uk 

      Another important consideration is that CCTV camera operating businesses should have a policy in place, including a nominated person who will be responsible for the operating system. Within your policy document, state the purposes of having CCTV for your business, how the information will be handled and guidance on disclosures and recordings. 

       Remember that individuals have the right to request access to CCTV footage in which they appear. Businesses should have a clear procedure in place for handling such requests and must respond within the legally specified timeframe. Requests must not be ignored and any refusal must be given in writing along with clear reasons aligning to the policy. 

      If a data protection request is received, it is their right to be responded to as quickly as possible, no later than one calendar month from the date it was sent. If there are other people visible in the CCTV footage and it is not possible to edit it to protect the identity of others, then a review will need to take place. Alternatively, it might be more appropriate to invite the contact to personally view the CCTV as your premises. 

      Appropriate training and guidance should be provided for employees who have access to CCTV systems. It should include handling footage according to GDPR regulations, and ensuring footage is not shared without prior permission. This helps ensure compliance with data protection requirements, privacy rights, and the proper handling of recorded footage.  

      When handling CCTV requests, staff should be as contactable and transparent as possible. They should also make contacts who have made requests fully aware of GDPR implications that could limit their use of the footage. This will protect both your business and the contact. Ensure that only trained and authorised individuals have access to the CCTV system and are able to share this. These same individuals should also conduct routine checks to ensure all parts of the system are working correctly. 

      If you’re considering adding CCTV to your commercial property, you must implement appropriate security measures to protect CCTV footage from unauthorised access, loss, or destruction. This involves encryption, access controls, secure storage, and regular system maintenance.  

       

      Retention Periods: Guidelines for CCTV Footage Storage and Retention  

      Businesses will need to determine the length of time their CCTV footage will be saved, and strictly stick to this. The length of retention will depend on the purpose for which the CCTV system is used, and it should be reviewed regularly to ensure compliance. It’s common practice for businesses to have a retention period of at least one calendar month. 

      Access and Disclosure: Procedures for Providing CCTV Footage to Authorities  

      Businesses must always be prepared to share their CCTV footage with law enforcement and other third parties in accordance with applicable laws and regulations. Data protection principles should be upheld when sharing footage externally.  

      The CCTV operation system that you choose will dictate the quality of footage your are able to record. This could be the difference between clearly identifying a criminal or not, so be sure to install the best quality cameras you can afford. It’s also worth considering how many cameras you will need and where they will be placed on your premesis, don’t forget to check for any obstructions that might limit your view. Regularly check the quality of your CCTV footage to make sure it hasn’t degraded over time. 

       

      Public Areas and Surveillance: Legal Boundaries and Public Expectations  

      Businesses using CCTV systems must also display signs prominently to inform individuals that they are being recorded. The signs should be clear, easily visible, and include contact details of the data controller responsible for the monitoring of the CCTV system. Signs should be located in high traffic areas and of a good readable size, this will also act as a deterrent to thieves. For total transparency you should also clearly outline your CCTV policy on your website. 

       In certain cases, businesses may be required to conduct a Data Protection Impact Assessment (DPIA) to assess and mitigate potential risks associated with the use of CCTV systems. This is especially relevant when processing large-scale personal data or using new technologies.  

       The Information Commissioner’s Office (ICO) in the UK provides comprehensive information and resources to help businesses understand and comply with CCTV regulations.

      Speak to a member of the Sygma team today to receive a personalised quote for CCTV installation.