FAQ’s

Yes, you need to register with the ICO if you use CCTV or other electronic surveillance equipment.

In most situations, companies that operate from multiple premises only need to register once. 

When using surveillance systems like CCTV, it’s important to conduct a Data Protection Impact Assessment (DPIA) for processing that poses a high risk to individuals. A DPIA is required by law for properties using CCTV, ANPR, Body Worn Video, Drones, Facial Recognition Technology, and in some cases Ring door cameras, dash cams, action cams and electronic access controls.

If you have recently taken over management of a property with any of these systems, ask for an up-to-date copy of their DPIA. The DPIA should be reviewed regularly, preferably annually. If there is no document or it is outdated, you must conduct a new DPIA or arrange for one to be done.

t’s important to let people know that they are being recorded. Make sure the signs are clear, located properly, and there are enough of them. This is to ensure transparency and let individuals know their personal data is being captured.

Place the signs at a reasonable distance from the monitored areas so people can see them before entering. If you use websites or social media to inform people, make sure to direct their attention to the information. Physical signs with extra information can provide a more detailed privacy notice.

Signs should be more noticeable in areas where people are less likely to expect surveillance. For example, if you have a surveillance system in a large public area, use more prominent signage.

For instance, in a multi-storey car park using CCTV cameras, have signs inside and at the entrance. Include details about the organisation operating the system, the purpose, and provide a link to the privacy policy and contact information

he data should be stored within the UK and not outside. If you’re uncertain, ask the CCTV company to confirm in writing where the cloud is based and where the data is stored. It’s important to have an up-to-date and documented data sharing agreement in place.

1. Noncompliance with Data Protection Law may result in severe penalties, including fines of up to €20,000,000 Euros or 4% of global turnover (whichever is greater), and reputational damage.

Recording audio using surveillance systems is subject to certain considerations and requirements. Continuous recording of audio requires a strong justification, which needs to be documented and thoroughly risk assessed. Prior to using any recording device capable of recording private conversations, you must conduct a Data Protection Impact Assessment (DPIA).

This applies to operators and data processors, including contracted security companies, who are using surveillance systems such as CCTV, ANPR, Body Worn Video, Drones, Facial Recognition Technology & under some certain circumstances Ring door, Dash, and Action Cameras as well as Electronic Access Control.

Yes, if you disclose someone’s images or personal data without complying with Data Protection Law, it could be a criminal offence.

Yes, if you disclose someone’s images or personal data without complying with Data Protection Law, it could be a criminal offence.

Yes, By being trained and knowledgeable about these aspects, you can ensure compliance with the GDPR and fulfil your responsibilities effectively.

The training should cover topics such as:

• Handling subject access requests
• Responding to requests from the police, visitors, or tenants
• Making copies of data or retaining data for future use
• Understanding the requirements of the UK GDPR in relation to surveillance systems like CCTV, ANPR, body cameras, and facial recognition as they pertain to your role.

If you are not directly employed by the Data controller, then you must have the appropriate SIA licence to view or review any surveillance footage.