Whether you’re a homeowner protecting your driveway or a business safeguarding your premises, using CCTV comes with legal responsibilities. With privacy laws tightening and awareness growing, it’s more important than ever to stay on the right side of legislation.
So what does the law actually say about CCTV in the UK in 2025?
Header and featured image from Freepik – www.freepik.com
1. The Big Picture: What Laws Govern CCTV Use?
Several key pieces of legislation shape how CCTV can be used in the UK:
• Data Protection Act 2018 (DPA 2018)
– Incorporates UK General Data Protection Regulation (UK GDPR).
– Applies when CCTV captures identifiable individuals.
• Protection of Freedoms Act 2012
– Introduced the Surveillance Camera Code of Practice.
– Applies primarily to public bodies like councils and police.
• Human Rights Act 1998
– Surveillance must respect individuals’ privacy rights under Article 8.
2. Domestic CCTV: Your Castle, Your Rules? Not Quite.
If you’re a homeowner:
• You can legally install CCTV to protect your home.
• If cameras only cover your property, data protection laws likely don’t apply.
• If cameras capture beyond your boundary (e.g., public paths), UK GDPR applies.
Then you must:
• Put up clear signage.
• Avoid recording unnecessary areas.
• Store footage securely.
• Provide data access on request.
An interesting legal case is the Fairhurst v Woodard (2021) where a homeowner breached data laws by recording audio beyond their property boundary.
3. Business and Commercial Use: Compliance is Critical
For CCTV in businesses and public areas, full compliance with UK GDPR is required:
• Have a lawful basis (usually ‘legitimate interest’).
• Use visible signage.
• Retain data only as long as necessary.
• Restrict access to authorised personnel.
• Respond to Subject Access Requests (SARs).
• Carry out a Data Protection Impact Assessment (DPIA) for intrusive systems.
• Register with the ICO and pay the data protection fee.