Contact Us

12.9 Covert Surveillance

Right to be Informed – a data controller can only avoid providing the processing information set out in Article 13 GDPR in limited circumstances. Those circumstances are set out in Schedule 2 of the Data Protection Act 2018. Otherwise, full information should be set out in the data controller’s Privacy Policy. 

The most relevant one will be Schedule 2, Part 1, Paragraph 2 whereby the disclosure would jeopardise the prevention or detection of crime. We strongly recommend taking professional advice before seeking to rely on an exemption under the DPA 2018. 

Consent – consent is not usually relevant to covert surveillance.

Subject Access Request – refer to section 8.1.

Archive Retention – recordings should be reviewed on a frequent basis and only retained if relevant to the purpose of the surveillance. The archive must be deleted or otherwise destroyed once the case is closed.

Privacy – cameras should not view areas where individuals have a reasonable expectation of privacy, including, but not limited to:- 

  • residential housing including external areas not in public view;
  • commercial property neither in public view nor associated with the purpose of the surveillance; and
  • changing rooms or toilets.

Access to recordings shall be password protected and managed on computer devices identified by unique reference numbers logged in a Controlled Data Register. The recording must be deleted at the end of the archive period. 

Process – covert CCTV surveillance will not be undertaken unless under exceptional circumstances when specifically agreed in writing by the data controller.

Such schemes shall be for specified and reasonable purposes and deployed only for the duration of a specific case. The following issues should be considered and documented, potentially as part of a wider Data Privacy Impact Assessment (DPIA):-

  • cause for considering implementation of covert surveillance
  • justification
  • purpose
  • area(s) of surveillance
  • justification for voice recording
  • the initial term of the scheme
  • routine review frequency; and
  • date of decommissioning

Related Posts

Incentive
ABM
Colliers International
Gerald Eve
Vail Williams
Avison Young
Lambert Smith Hampton
Ashdown Phillips
Savills
CBRE
Bidvest Noonan
Helix
JLL
Metrus
Cushman & Wakefield
JSS
Knight Frank
Iss

Providing GDPR Data Compliance Support & Software since 1998 to over 700 commercial premises throughout the UK to the benefit of Landlords and Managing Agents.

Services
Software
Useful Info
Get In Touch

7b, Churchill Court,

Palmerston Rd,

Boscombe,

Bournemouth

BH1 4HN

© 2024 All Rights Reserved.

Home
Software
Services
About
Request A Demo
Plans & Pricing
Blog
Contact Us
Call Sales: (020) 3633 0235
sales@verifi-cctv.com
Contact Us

SOFTWARE

eDOB

Replacing your paper based Daily Occurrence Book

Proof of Presence

Solution for generating attendance records

Key & Asset Management

Replaces your paper based records

Visitor Management

Replacement to the traditional paper-based visitor book.

Secure File Sharing

CCTV footage and other data transferred electronically
View All Products

SUPPORT

Software Support

SERVICES

GDPR Compliance Support Service

Helping comply with GDPR relating to the use of surveillance

Evidence Download Service

Downloading evidence off of your security system

CCTV Redaction

Providing GDPR compliant CCTV redaction editing
View All Services

SUPPORT

GDPR Guidance