GDPR Requirements for Business CCTV – 2020


CCTV is essential for commercial surveillance and security. A store break-in, employee emergency, health scare, or any other significant event could occur when you’re not looking. Only CCTV can catch everything the moment it happens.

Getting started with video surveillance requires more than just installing a few cameras. There are also strict compliance regulations you need to follow.

One of those compliance concerns is GDPR. GDPR stands for General Data Protection Regulation. It’s one of the most recent, and most important, regulations business owners must follow if they want to install CCTV.

You don’t want to miss a moment of the action. Learn more about GDPR requirements for closed-circuit televisions, so your business remains compliant at all times.


How Does GDPR Work?

The General Data Protection Regulation was introduced into EU law in 2016 and implemented across Europe in 2018. All countries that belong to the EU must abide by GDPR regulations.

GDPR applies to any website, process, or device that records and stores data. For example, a webmaster who operates websites is subject to GDPR since sites use cookies. Cookies store personal data to improve the web browsing experience for visitors.

However, under new GDPR regulations, websites must inform all visitors that a website uses cookies. A visitor can either agree to the terms and proceed to the site or disagree with the terms and not browse the site. GDPR ensures sites are transparent about personal data collection.

Your company website is just one GDPR concern to consider. If you collect consumer data for marketing purposes, you must remain GDPR compliant, as well. You would also need a GDPR-compliant login process for customers and clients.

Even companies based outside of the EU are subject to GDPR regulations. For example, a U.S.-based eCommerce site should prioritise GDPR compliance if it serves any customers in the EU. When GDPR was officially implemented in 2018, some outside companies temporarily restricted access to EU residents because their processes were not yet compliant.

Not being GDPR compliant can slow down production and sales for your company. The same applies to your security efforts. Using non-compliant CCTV can throw your business off track if you’re caught and fined.



Since CCTV cameras record anyone who walks in and out of your business, they’re also subject to GDPR compliance. Any video or image recorded through CCTV can potentially identify an individual, which means you must follow GDPR rules to install CCTV.

Your first step is to communicate with customers that they’re on CCTV. This is similar to letting website visitors know that a site uses cookies.


How to Inform People

The best way to inform customers of CCTV GDPR compliance is to post visible signs inside of the store. The same standard applies to employees. You must tell your employees that you’re installing CCTV cameras to monitor job behavior.

Employees should be informed of your CCTV data policy upon employment. It’s also not enough to just inform people that they’re being recorded. As a business owner, it’s also your responsibility to explain why you’re using CCTV to monitor the store.

It’s important to communicate to EU residents when CCTV recording is lawful under GDPR. Since consent can technically be withdrawn, you need a way to explain to residents that it’s necessary. There are several ways to explain CCTV recording under GDPR.


Contractual Explanations

For example, you could explain in a contract that the flow of goods will be monitored with CCTV. You would use this explanation for a vendor who delivers goods and services to your business.

This GDPR rule also applies to any contract that holds up under contract law. Even verbal contracts count. Thus, the other party understands that CCTV monitoring is necessary to meet contractual terms.


Legal Reasons

You can explain that you’re monitoring because of a required legal provision. You would use this explanation if you need to collect and process data for a particular law or statute. However, you must inform the other party about which legal requirement you’re following.

The legal explanation requirement is similar to the previous DPA 1998 rule. Thus, if you’re already using this explanation, your CCTV is likely compliant. However, you should still read through the latest GDPR guidelines on the issue.


Protecting a Person’s Life

Another GDPR explanation is the “vital interest” explanation. You would explain to subjects that data processing is necessary to protect their lives or interests. This explanation typically applies if potential medical emergencies are involved.


Using CCTV for Public Interest

Another lawful use of CCTV is the recording of EU residents for public purposes. This explanation applies to public or government agencies that must record and process personal data.

Public tasks carried out by Parliament, the Administration of Justice, the Crown, or Minister of the Crown would use this explanation to inform individuals of CCTV recording.


What Does Legitimate Interest Mean?

If you’re having trouble identifying the right GDPR explanation for your needs, your CCTV activities may fall under “legitimate interest” under GDPR. This is technically the most flexible lawful reason for CCTV recording.

Since the “legitimate interest” basis is quite broad, you’ll need to detail your reasons for using CCTV. GDPR guidelines suggest running three tests: purpose, necessity, and balance.

First, you’ll need to explain if you’re using CCTV for legitimate interest. Why are you using CCTV, who benefits from CCTV at your business, and what are the broader benefits of CCTV? These are critical questions to answer.

Next, explain why CCTV is necessary to achieve your legitimate purpose. Is there another means of going about it? Finally, you’ll need to see if the rights of the individual override the legitimate interest explanation.

You need to explain the potential impact of CCTV and consider ways to lessen any potential harm from CCTV recording as well.


Protect Your Business By Remaining GDPR Compliant

GDPR applies to more than just your company website. Ensure that all your CCTV activities are compliant with the latest GDPR guidelines. Refer to this guide as you draft your new CCTV plan and policy.

Are you ready to enjoy the benefits of CCTV now? Request a CCTV survey now to improve your security right away.