CCTV Usage Policy

Last updated: 24 February 2026 · ShieldCCTV Ltd · ICO Registration No. ZB123456

1. Purpose Limitation

CCTV systems installed by ShieldCCTV Ltd are deployed for defined, legitimate purposes only. Permitted purposes include:

• Prevention and detection of crime on your property
• Protection of property and assets
• Health and safety monitoring in commercial and industrial environments
• Safeguarding of staff, residents, pupils, or visitors
• Providing evidence to support police investigations

CCTV systems must not be used for covert surveillance of employees without appropriate legal basis, monitoring of public spaces beyond what is necessary, or any discriminatory or targeted profiling.

2. Camera Positioning & Coverage

All cameras are positioned during the installation survey to ensure they capture only the area necessary for the stated purpose. As required by ICO guidance:

• Cameras must not capture areas where there is a reasonable expectation of privacy (e.g. toilet facilities, changing rooms)
• Coverage of neighbouring properties or public areas must be minimised and proportionate
• Residential CCTV covering public footways must comply with ICO domestic CCTV guidance
• Any significant change to camera positioning after installation should be reviewed against this policy

3. Data Controller Obligations

If your CCTV system records footage of identifiable individuals, you are likely a data controller under UK GDPR. Your obligations include:

• Registering with the ICO if processing is not exempt (check: ico.org.uk/registration)
• Conducting a Data Protection Impact Assessment (DPIA) for high-risk surveillance
• Implementing a written CCTV policy for your organisation
• Responding to Subject Access Requests (SARs) from individuals captured on camera
• Ensuring footage is stored securely and is not accessible to unauthorised persons

4. Signage Requirements

The ICO requires that individuals are informed when they are entering a CCTV-monitored area. As part of every commercial installation, we advise on:

• Placement of clearly visible CCTV warning signs at all entry points
• Signs must include: the name of the data controller, the purpose of surveillance, and contact details
• Signs should be visible before individuals enter the monitored zone
• We can supply ICO-compliant signage packs as part of your installation

5. Data Retention & Storage

We recommend the following retention periods aligned with ICO guidance:

• Standard residential: 14–30 days
• Commercial properties: 30–60 days
• Industrial / high-risk sites: up to 90 days
• Footage retained beyond these periods requires documented justification

All NVR/DVR systems we install are configured with automatic overwrite on the agreed retention schedule. Cloud storage is encrypted at rest and in transit.

6. Audio Recording

Audio recording by CCTV systems is subject to additional legal requirements under the Investigatory Powers Act 2016 and UK GDPR. If your system includes audio capability:

• Clear audio recording notices must be displayed in addition to standard CCTV signs
• Audio recording in employee areas may constitute covert monitoring — legal advice is recommended
• We recommend audio features are disabled unless there is a specific, documented purpose

7. Access to Footage

Access to CCTV footage must be restricted to authorised persons only. We recommend:

• Maintaining a log of who has accessed recorded footage and when
• Password-protecting all NVR/DVR and remote access accounts
• Providing footage to police only upon receipt of a formal request or under immediate emergency circumstances
• Not sharing footage publicly (including on social media) without legal advice

8. Our Role as Data Processor

Where ShieldCCTV Ltd provides remote monitoring services and accesses live or recorded footage on your behalf, we act as a data processor. In this capacity we:

• Process footage only on your documented instructions
• Maintain a signed Data Processing Agreement (DPA) with all monitoring clients
• Do not retain footage beyond what is operationally necessary for monitoring purposes
• Notify you of any data breach within 24 hours of discovery

9. Planning Permission

In most cases, planning permission is not required for CCTV cameras in Southampton and Hampshire. Exceptions include:

• Listed buildings — consent from the Local Planning Authority is required
• Conservation areas — check with Southampton City Council before installation
• National parks or Areas of Outstanding Natural Beauty — consent may be required
• Cameras protruding more than 1 metre from an external wall or mounted below 2.5 metres height

Our surveyors check planning requirements as part of every free site survey.

10. Useful Resources

• ICO CCTV Guidance for Organisations
• ICO CCTV Guidance for Individuals
• Southampton City Council — Planning
• ICO Data Controller Registration