Surveillance cameras include closed circuit television, automatic number plate recognition systems, dash cams and any other systems for recording or viewing visual images for surveillance purposes (e.g. 'doorbell' cameras), any systems for storing, receiving, transmitting, processing or checking images or information obtained by such systems, or any other systems associated with, or otherwise connected with these systems. The generic terms ‘CCTV’ and ‘images’ are used for ease of reference.
CCTV images identify living individuals and are, therefore, personal data. This means that the use of CCTV is covered by the data protection legislation, regardless of the size of the system or organisation ("controller").
The Commissioner does not 'authorise', 'licence' or 'approve' the installation and use of CCTV, but the use of CCTV must comply with the data protection legislation.
The Commissioner has published guidance to assist controllers to understand and comply with their responsibilities and the obligations imposed on them by the data protection legislation when CCTV is installed.
In summary, the basic obligations are to:
- Comply with the all the data protection principles set out in Article 5 of the Applied GDPR;
- Display signs indicating the operation of CCTV and who to contact with any queries in that regard;
- Comply, without undue delay and in any event within one month, with requests from individuals for copies of their images, or requests to erase their images, captured by CCTV;
- Maintain records of processing activities;
- Register as a controller with the Commissioner.
Specific guidance on the use of dash cams is available below.
General guidance for controllers on complying with the data protection legislation is available by clicking here.
Separate guidance is available for individuals considering the installation of CCTV on domestic premises.