CCTV – General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA18)
If your business uses CCTV, you should register your details with the Information Commissioner’s Office (ICO), you must tell people they may be recorded, usually by displaying signs, which must be clearly visible and readable, control who can see the recordings, ensuring the system is only used for the purpose it was intended for – for example, if it was set up to detect crime, you should not use it to monitor how much work your staff do.
If CCTV is installed on private domestic property and it only captures images within the boundary of the private domestic property (including your garden), then the data protection laws will not apply.
If the CCTV system captures images of people outside the boundary of your private domestic property – for example, neighbour’s homes or gardens, shared spaces, or on a public footpath or a street, then the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA18) will apply to you, and you will need to ensure your use of CCTV complies with these laws. This guidance refers to them as the data protection laws.
Regardless of whether your use of CCTV falls within the data protection laws, the ICO recommends you use it responsibly to protect the privacy of others.
Back to main CCTV page.