Surveillance cameras include closed circuit television, automatic number plate recognition systems, and any other systems for recording or viewing visual images for surveillance purposes, any systems for storing, receiving, transmitting, processing or checking images or information obtained by such systems, or any other systems associated with, or otherwise connected with these systems. The generic terms ‘CCTV’ and ‘images’ are used for ease of reference.
CCTV images identify living individuals and are, therefore, personal data. This means that the use of CCTV is covered by the data protection legislation, regardless of the size of the system or organisation.
The CCTV guidance published by the Commissioner is to assist controllers to understand and comply with their responsibilities and the obligations imposed on them by the data protection legislation when CCTV is installed.
In summary, the basic obligations are to:
- Comply with the all the data protection principles set out in Article 5 of the Applied GDPR
- Display signs indicating the operation of CCTV and who to contact with any queries in that regard
- Comply, without undue delay and in any event within one month, with requests from individuals for copies of their images, or requests to erase their images, captured by CCTV
- Maintain records of processing activities
- Register as a controller with the Commissioner
The current CCTV guidance has been updated to include minor changes. A complete revision is being undertaken and will be published in due course.
General guidance for controllers on complying with the data protection legislation is available by clicking here.
Separate guidance is available for individuals considering the installation of CCTV on domestic premises.