GDPR & CCTV: What You Need to Know About Privacy Compliance

If you operate CCTV that captures images of people — whether at home or in business — you have legal obligations under UK GDPR and the Data Protection Act 2018. Here is what you need to know.

Do I Need to Register with the ICO? If you use CCTV purely for domestic purposes (monitoring your own home and garden), you are generally exempt from registration. However, if your cameras capture footage of public spaces, neighbours' properties, or you use CCTV for business purposes, you must register with the Information Commissioner's Office.

Signage Requirements All non-domestic CCTV must have clear, visible signage informing people they are being recorded. Signs should include the purpose of recording, contact details for the data controller, and the legal basis for processing.

Data Retention You should only keep footage for as long as necessary. For most business purposes, 30 days is considered reasonable. Some sectors (like financial services) may require longer retention. Always have a documented retention policy.

Subject Access Requests Anyone captured on your CCTV has the right to request a copy of their footage. You must respond within one calendar month. Having a clear process for handling these requests is essential.

Our Approach At Guardian Security, every installation includes GDPR guidance. We help you with signage placement, configure appropriate retention periods, and document your privacy impact assessment. Compliance is built into every system we install.