White Paper: Looking through the lens – A data protection guide to CCTV


If your company installs CCTV on its premises which can record individuals, you are deemed a “data controller” and will therefore be responsible for complying with data protection legislation. In order to comply with your data protection obligations relating to CCTV use, there are a number of questions that need to be addressed, including:

  • Have you installed the appropriate signage required for CCTV where needed?
  • Have you identified who is responsible for the CCTV whilst in operation?
  • Have you implemented a CCTV policy?
  • Do you have a process to deal with Data Subject Access Requests (DSARs) that include CCTV footage?


The decision whether to install CCTV at your company premises therefore requires careful consideration and, if you do decide to use it, time needs to be spent on ensuring that you are complying with your obligations.


This detailed downloadable guide will walk you through the considerations applicable to CCTV processing. Whilst it is not exhaustive or specifically tailored to your organisation, it is indicative of the general considerations you will be expected to address as a controller of a CCTV system. The guide also includes a handy checklist to ensure you address the key considerations.

CCTV is complex by nature. It is not uncommon for professionals to have a variety of different views on how to approach CCTV (such as when redactions should apply following a DSAR request). If you remain unsure, it is important that you seek further advise or guidance from a Data Protection Officer (DPO) or privacy specialist.

If you would like advice on using CCTV, or any other data protection related issue you are facing, please contact us.

Download the white paper:

CCTV White paper