How to Write a CCTV Policy

Why Do You Need a CCTV Policy?

If you are using CCTV surveillance across any business area you should know how to write a CCTV policy. You have a legal obligation to notify individuals that you are using CCTV! You should implement a CCTV policy which defines how, why and when you use CCTV and what controls and security measures you have in place.

Privacy by Design is an approach to protecting data. It means ensuring that activities, services and processes are designed with data protection and security in mind from the start. This approach is important for the use of CCTV to ensure maximum security of any footage. Establishing and implementing appropriate technical and organisational measures is essential for securing CCTV data. This includes having a functional, effective CCTV policy for how such footage is used, recorded, stored, disclosed and transferred.

Defining the Policy Statement

A policy statement is a brief statement at the start of the policy document. It sets out a summary of the policy content and defines why the business wants and needs to have such a policy in place.

Understanding how to write a CCTV policy means putting your aims, requirements and obligations in writing. Consider why you need a CCTV policy. Which regulations and standards will be met by having one and how will the company benefit!

Objectives

A policy needs to define the objectives you aim to meet as a company. What will the policy achieve within the business? How do you intend to comply with the relevant regulations? What controls and measures will you implement? Objectives that can be used in a CCTV policy template include: –

• Ensuring appropriate signage is used to notify individuals about the presence and use of CCTV.
• To comply with the UK GDPR, Data Protection Act 2018 and ICO CCTV Code of Practice.
• To develop and implement a compliant CCTV policy to ensure that the use of CCTV is valid, necessary and legal.
• Complete a Data Protection Impact Assessment on an annual basis to ensure that the use of CCTV continues to be necessary and compliant.
• To document the reasons for using CCTV and the legal basis upon which the company relies in any privacy notice(s).
• To ensure that all images or footage produced by the CCTV are as clear as possible and are regularly reviewed to ensure that the footage is of a high quality and resolution.

Legal Basis for CCTV & Privacy Notices

When using CCTV, you are required to define the legal basis for processing under the UK GDPR. More often than not, the use of CCTV will fall under either legitimate interests or a reliance on a public task. It is also mandatory to update any privacy notices with details of CCTV monitoring. The notice should state: –

• Why you utilise CCTV (i.e. record images of individuals or vehicles).
• Why the data is collected (e.g. to protect vehicles against damage).
• When CCTV images or footage may be disclosed.
• An individiual’s rights regarding CCTV footage and personal data.

Read more…

GDPR CCTV Policy Template

The Know Your Compliance Limited GDPR CCTV Policy Template helps you to comply with your data protection obligations. If you are using CCTV in your workplace, it is important to comply with the UK GDPR and Data Protection Act 2018. This template set includes a ready-to-use policy template and a 70+ question CCTV audit checklist.

Individuals have a right to privacy, whether they are your employees, clients or customers. It is therefore mandatory to inform them when and where CCTV is being used. Any use of video equipment for monitoring or security must be accompanied by a written document explaining your use and choices. This information professionally documented in our CCTV policy template, meaning your don’t have to start from scratch.