3 min read

Writen by Zlatko Delev

Posted on: March 15, 2022

ICO Video Surveillance guidance

The steady growth of the use of video surveillance systems across public and private sectors, has led to both fixed and mobile cameras becoming more accepted in society. As video surveillance technology becomes more mainstream and affordable, it is now more common to see technologies such as smart doorbells and wireless cameras. Traditional closed circuit television (CCTV) also continues to evolve into more complex artificial intelligence (AI) based surveillance systems. These can process more sensitive categories of personal data. The ways in which the technology is used also continue to develop. This includes connected databases utilising Automatic Number Plate Recognition (ANPR) or the use of Facial Recognition Technology (FRT) in public spaces. Often they process the personal data of large numbers of the general public for security, crime prevention or for other specified purposes such as digital advertising. However, some of these uses can be particularly intrusive, especially if processing takes place without the knowledge of the individual.

ICO Guidance:

ICO have developed guidance to help organisations in the public and private sector, who use video surveillance systems to collect and process personal data. It will help companies stay within the legal requirements of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018). This guidance will also be relevant to law enforcement authorities that are using video surveillance separately for any purposes under the UK GDPR.

This guidance covers the processing of personal data by video surveillance systems by public and private sector organisations. Surveillance systems specifically include, but are not limited to traditional CCTV, Automatic Number Plate Recognition (ANPR), Body Worn Video (BWV), Drones (UAVs), Facial Recognition Technology (FRT), dashcams and smart doorbell cameras.

Organisations using surveillance systems that process the personal data of identifiable individuals need to comply with the UK GDPR and DPA 2018.

This particular guidance does not cover:

  • covert surveillance techniques;
  • processing for specific criminal law enforcement purposes by competent authorities under Part 3 of the DPA 2018;
  • processing by intelligence services under Part 4 of the DPA 2018; and
  • processing that is purely in the context of personal or household activities, such as household CCTV within the boundaries of private property.

This guidance also does not cover the use of ‘dummy’ or non-operational systems. However, it does cover pilots or trials as personal data is still processed.

For more information visit ICO website and check the following link .

Contact Us

Hope you find this useful. If you need an EU Rep, have any GDPR questions, or have received a SAR or Regulator request and need help then please contact us anytime. We are always happy to help...
Zlatko, Adam, Hristina, Marin.

Contact Us

Recent blogs

Accountability Tracker

As your Article 27 Representative we will always help if you receive a SAR, RTE, or other data prot

How to handle a Subject Access Request

We have said this previously but we are still seeing a huge number of Subject Access Requests [

Right to Erasure and how to handle it

Summary: The Right to Be Forgotten is one of the fundamental rights defined in GDPR.  Also

Get Your Account Now

Setup in just 5 minutes. Enter your company details and choose the EU Representative services you need.

Give Us a Call

Not sure whether EU Representative applies to you or which option to choose? Call, email, chat to us anytime.


Stay Up-To-Date

Leave your details here and we’ll send you updates and information on all aspects of GDPR and EU Representative. We won’t bombard you with emails and you will be able to tell us to stop anytime.