Why Do You Need a CCTV Policy?
If you are using CCTV surveillance across any business area you should know how to write a CCTV policy. You have a legal obligation to notify individuals that you are using CCTV! You should implement a CCTV policy which defines how, why and when you use CCTV and what controls and security measures you have in place.
Privacy by Design is an approach to protecting data. It means ensuring that activities, services and processes are designed with data protection and security in mind from the start. This approach is important for the use of CCTV to ensure maximum security of any footage. Establishing and implementing appropriate technical and organisational measures is essential for securing CCTV data. This includes having a functional, effective CCTV policy for how such footage is used, recorded, stored, disclosed and transferred.
Defining the Policy Statement
A policy statement is a brief statement at the start of the policy document. It sets out a summary of the policy content and defines why the business wants and needs to have such a policy in place.
Understanding how to write a CCTV policy means putting your aims, requirements and obligations in writing. Consider why you need a CCTV policy. Which regulations and standards will be met by having one and how will the company benefit!
CCTV Policy Purpose
The purpose section should define the overall aim of the CCTV policy. Why has it been implemented? It should refer to the intent and objectives of the business and define what the policy content should achieve. Policies are not just paper exercises! They are intended as reference documents and working materials within your compliance framework.
You can also refer to the types and uses of CCTV within the business. These can include, but are not limited to; car park CCTV; webcams; body cameras; security CCTV, server room monitoring etc.
A policy needs to define the objectives you aim to meet as a company. What will the policy achieve within the business? How do you intend to comply with the relevant regulations? What controls and measures will you implement? Objectives that can be used in a CCTV policy template include: –
- Ensuring appropriate signage is used to notify individuals about the presence and use of CCTV.
- To comply with the UK GDPR, Data Protection Act 2018 and ICO CCTV Code of Practice.
- To develop and implement a compliant CCTV policy to ensure that the use of CCTV is valid, necessary and legal.
- Complete a Data Protection Impact Assessment on an annual basis to ensure that the use of CCTV continues to be necessary and compliant.
- To document the reasons for using CCTV and the legal basis upon which the company relies in any privacy notice(s).
- To ensure that all images or footage produced by the CCTV are as clear as possible and are regularly reviewed to ensure that the footage is of a high quality and resolution.
Legal Basis for CCTV & Privacy Notices
When using CCTV, you are required to define the legal basis for processing under the UK GDPR. More often than not, the use of CCTV will fall under either legitimate interests or a reliance on a public task. It is also mandatory to update any privacy notices with details of CCTV monitoring. The notice should state: –
- Why you utilise CCTV (i.e. record images of individuals or vehicles).
- Why the data is collected (e.g. to protect vehicles against damage).
- When CCTV images or footage may be disclosed.
- An individiual’s rights regarding CCTV footage and personal data.
GDPR CCTV Policy Template
The Know Your Compliance Limited GDPR CCTV Policy Template helps you to comply with your data protection obligations. If you are using CCTV in your workplace, it is important to comply with the UK GDPR and Data Protection Act 2018. This template set includes a ready-to-use policy template and a 70+ question CCTV audit checklist.
Individuals have a right to privacy, whether they are your employees, clients or customers. It is therefore mandatory to inform them when and where CCTV is being used. Any use of video equipment for monitoring or security must be accompanied by a written document explaining your use and choices. This information professionally documented in our CCTV policy template, meaning your don’t have to start from scratch.
Policy Template Sections
- Data Protection Impact Assessment
- Privacy Notice & Usage Reasons
- Recording and Monitoring
- Requests for Personal Data
- Security Measures
- Breach Management