Connect with us


How has GDPR impacted CCTV systems?

Last updated by


cybersecurity and pen testing

The new General Data Protection Regulation (GDPR) legislation has been around for a little while now since being introduced in the Uk earlier this year.  With more businesses implementing new camera systems combined with cloud CCTV storage as a result of the guidelines, we discuss what businesses in the county can do to ensure continued compliance as we enter 2019, and what the consequences could be if not approached correctly.

All UK businesses should be aware that GDPR has now replaced the old Data Protection Act (DPA). Although you may have previously been in line with this ruling, there are new areas that you must cover with GDPR.

Although Brexit is currently up in the air; GDPR is integral to the European Union and its parliament, and so is likely to continue to have a part to play in Britain post-Brexit.


Did you know that, if you’re a UK business that isn’t complying with GDPR then you could potentially face a fine equalling 4% of your annual global turnover!

Ensuring you’re compliant:

  • You must notify surrounding people that they are being recorded as employees and site visitors become data subjects.
  • You shouldn’t keep data for over 30 days – under different circumstances, this can
  • You have a duty to protect the data that you collect.
  • You need a strong and valid reason for the placement of CCTV around your perimeter.
  • You can’t use CCTV to ‘watch over’ your employees.
  • You must not place CCTV in places where employees expect privacy i.e. canteens.

How to avoid prosecution?

To make sure you don’t fall foul of GDPR, and to ensure you aren’t in any danger of prosecution by the European Parliament, you should make sure you understand the list highlighted above, as well as take action re below:

  • Notify the public that you are recording them for CCTV and security purposes by putting up signs that signal this – include a contact number too, so anyone can contact if they incur any issues.
  • Dispose of your data after 30 days of retainment – it can be kept for longer if the local authorities have a written request and must view it on your own premises.
  • Avoid data breaches by drafting up a contract with your security supplier (who will become your data processor under GDPR legislation) and highlight what they can and can’t do with any footage that they obtain from your surveillance.
  • A reason for CCTV. This could be to help protect your employees when it comes to health and safety, for example, and capture any incidents that could potentially occur – such as a robbery.
  • Compile an operational requirement, which should support your decision for CCTV placement.
  • Highlight a security risk which could be minimised through CCTV – whether this is being placed in canteens or smoking areas. An operational requirement can be made in this instance too.

CCTV isn’t always an easy concept for businesses to understand.  With the help of 2020 Vision – who specialise in ip cctv systems- corporate protection is made easier. Make sure that you’re covered at all costs to avoid facing tremendous penalties for non-compliance.