Estimated Reading Time: 16 minute(s)

Last reviewed: May 2026

This article is for general guidance only and is not legal advice. Workplace CCTV and employee monitoring should be assessed against current ICO guidance, UK GDPR and the Data Protection Act 2018. Employers should seek legal advice where needed.

In the UK, employers can use CCTV in the workplace if they have a lawful, necessary and proportionate reason, such as security, health and safety, theft prevention or protecting staff. Employees should usually be told CCTV is in use, why footage is being collected, who can access it and how long it will be kept.

Covert monitoring should only be used in exceptional circumstances, such as a specific investigation, and employers should be able to justify why less intrusive options would not be enough.

CCTV in the Workplace

Table of Contents

  1. CCTV in the workplace overview
  2. Why businesses use workplace CCTV
  3. Workplace CCTV rules for business
  4. Who can view CCTV footage?
  5. Employee access and CCTV retention
  6. Covert CCTV monitoring
  7. Protecting employee rights
  8. CCTV signs and transparency
  9. Key takeaways and FAQs

There are at least 500,000 CCTV cameras in London, and most of them are installed on private premises, including workplaces. The deployment of CCTV in the workplace has become routine, but not indiscriminate.

The UK has an ample body of legislation regarding the way CCTV footage can be gathered and used in the workplace. This legislation aims to uphold both a business’ right to protect its interests and its employees’ basic human rights to privacy and dignity.

How are these rights upheld, and what are the rights and obligations of an employer and its employees? Here’s a bird’s eye view of the subject.

Why Are CCTV Cameras Used in Workplaces?

Surveillance-related laws recognise that companies have a right to protect their legitimate interests. What are these legitimate interests that one could protect through CCTV in the workplace?

CCTV cameras have been deployed in a very diverse range of working environments, from small offices to busy industrial floors. And the reasons are more specific and, surprisingly enough, more diverse than “security”.

Staff and property security is, nonetheless, the most important reason. CCTV cameras are an effective way to protect your staff against assault and harassment.

CCTV in the workplace can also be an efficient deterrent against vandalism and property theft. And, if the worst happens, CCTV footage can aid in police investigation and constitute evidence in court.

Improving workplace efficiency is another common reason for CCTV in the workplace. CCTV cameras can provide important information regarding the way company resources are used.

They can offer useful metrics about issues like overcrowded areas, or inefficient logistics or maintenance operations, giving management the kind of data they need to optimise day-to-day operations.

Enforcing health and safety or security policies may not be glamorous, but it is one of the most common use cases for CCTV in the workplace.

They are often broken unwittingly, and immediate feedback on any breach is the only way to ensure that a momentary slip does not become the rule, rather than the exception.

These applications paint a clear, but somewhat incomplete picture of CCTV deployments today. CCTV technology is versatile and easy to integrate in more advanced systems. That’s why many deployments combine several applications into one system: security cameras installed in reception areas, for example, can also be used to supplement access logs.

CCTV in the Workplace Rules for Business

The massive adoption of CCTV technology in the mid-1990s prompted the government and public authorities to take a more active role in the regulation of video surveillance. UK legislation walks a thin border between recognising the benefits of CCTV surveillance and limiting its erosion of privacy.

The Human Rights Act (HRA) of 1998 is the broadest, but also the most fundamental piece of legislation that governs the use of CCTV cameras. Article 8 of the HRA outlines a person’s right to privacy, which extends to public spaces and the workplace, not only to their private home.

Overly intrusive CCTV surveillance, without legitimate security or business purpose, can constitute a breach of this right.

The Protection of Freedoms Act (POFA) of 2012 is primarily concerned with CCTV usage in public spaces, but it’s a useful landmark. The CCTV Code of Practice issued under its auspices is particularly useful, regardless of the deployment environment.

The GDPR clarifies that CCTV footage is personal information, and includes a number of specific requirements regarding how personal information is stored and processed. It also requires those who hold this data (i.e. employers) to disclose it, based on subject access requests (SARs) from employees.

The Data Protection Act (DPA) of 2018 expands upon the surveillance implications of Article 8 of the HRA and the GDPR. It’s an act with a long history: the one we have today replaces another act, whose history goes back to 1998. It details the status of CCTV footage and outlines requirements for the collection, processing and disclosure of CCTV data. Many of the explicit requirements for CCTV deployment originate in this document

Who can view CCTV footage at work?

Access to workplace CCTV footage should be limited to authorised people who need to view it for a legitimate purpose. This may include a business owner, facilities manager, security manager, HR manager, IT administrator, or an external security provider, depending on how the CCTV system is managed.

Under UK data protection law, employers should restrict access to footage so it is only viewed by people who need it for the purpose the CCTV system was installed. For example, footage collected for site security should not be casually viewed, shared internally, or used for unrelated staff monitoring.

Keeping the access list short is both good compliance practice and good operational practice. It reduces the risk of footage being misused, shared incorrectly, or accessed by people who do not need to see it.

Employers should also keep access controlled through secure logins, role-based permissions, audit logs where available, and clear internal policies. If CCTV footage includes employees, visitors or members of the public, it should be handled as personal data.

In some cases, footage may be shared with the police, insurers, legal advisers or regulators where there is a lawful reason to do so. Employers should record why footage was accessed or shared, especially where it relates to an investigation, complaint, accident or disciplinary matter.

Can Employees Request Access to CCTV Footage?

Employees may be able to request access to CCTV footage in which they appear through a subject access request, often shortened to SAR.

They should not normally be given unrestricted access to footage of other people, so employers may need to review, redact or withhold parts of footage where another person’s rights could be affected.

How Long is CCTV Footage Kept in the UK?

One of the most common questions is “how long is CCTV footage kept in the UK?” There is no single fixed retention period for every workplace CCTV system. Footage should not be kept for longer than necessary for the purpose it was collected.

Many organisations use a standard retention period, such as 30 days, unless footage is needed for an investigation, insurance matter, complaint, disciplinary process or legal reason.

Employers should keep clear records of who has accessed CCTV footage, why access was needed, and how any requests were handled. This helps demonstrate accountability and provides an audit trail if footage is used for an investigation, complaint, disciplinary process or subject access request.

Who Else Can Be Given Access to CCTV Footage?

Besides employees, the police may request access to workplace CCTV footage where there is a lawful reason to do so.

CCTV footage should not be shared widely or casually. If footage needs to be disclosed to another party, the employer should be able to justify the decision and consider whether any individuals shown in the footage need to be protected, blurred or anonymised.

Is it illegal to monitor employees on CCTV?

Under certain circumstances, a company can monitor its employees without their knowledge through CCTV in the workplace. This is called covert or targeted surveillance.

Under current guidelines, it is possible to conduct targeted surveillance, but only as part of a specific investigation, if a company has serious suspicions that employees are breaking the law, and if disclosing the act of surveillance would undermine the investigation.

Prior to conducting covert surveillance, you should carry out a privacy audit and ensure that covert surveillance impacts as few people as possible. The possibility of such monitoring should also be mentioned as a possibility in the company’s data protection or privacy policy.

Furthermore, the terms of the investigation must be as specific as possible. Unless it reveals information that cannot reasonably be ignored, such as evidence of additional crime or gross misconduct, any data obtained through covert surveillance which is not relevant to the investigation has to be disregarded.

For instance, if a retail business engages in covert surveillance because it suspects an employee is stealing items from the shop, it can use footage that captures such theft, or another crime. However, it cannot use this footage for assessing employee performance.

Relevant video footage is generally used as part of a disciplinary hearing. However, at that point, employees have to be granted access to this CCTV footage, and they should be given a chance to explain and contest it.

There are precedents where the use of covert surveillance has been approved by courts (such as the McGowan v Scottish Water case). But covert surveillance is truly an exceptional tool, that’s best saved for truly exceptional situations.

How Long Can CCTV Data Be Retained for?

We’ve taken a look at how long CCTV footage is kept in the UK – but how long can data be retained? Once again, data protection laws do not mandate a specific retention period. The DPA requires only that images should not be retained for longer than necessary to achieve the purposes of the CCTV system. Once a retention period has expired, images must be deleted.

It’s up to you to determine what this retention period is. You should have one that will apply, by default, to any CCTV footage you obtain. 30 days is a typical retention period.

That doesn’t mean all images have to be erased after 30 days, no matter what. You are allowed to retain images for longer – for instance, over the course of an investigation, which can span longer than 30 days. However, in this case, you have to keep the footage in a secure place, with controlled access, away from routine data.

How and Why Should Employers Protect Employee Rights?

A contract of employment has an implied term of trust and confidence. An employer and its employees rely on each other to be honest and respectful, and should not conduct themselves in a manner that could damage this mutual relationship.

Unreasonable and unjustified CCTV in the workplace monitoring is a direct breach of this term – in other words, it’s illegal in its own right.

But in more general terms, ensuring that employee rights are protected is not only a direct expression of the implied term of trust and confidence, it’s also a way to ensure that a company’s own legal rights are upheld. For example, CCTV footage that is not obtained in compliance with data protection laws may not be admitted as evidence in court.

So what can a business do to protect the rights of its employees?

Carry Out an Impact Assessment. This is a widespread and efficient practice and is recommended by the ICO.

You should carry out an impact assessment prior to deploying CCTV equipment, and every time surveillance cameras are added, moved or removed when systems are upgraded, when new systems are installed, and when features that include biometric capabilities, such as facial recognition, are added to your system.

An impact assessment should outline the problems that the CCTV system is trying to resolve, explain why deploying CCTV in the workplace is a part of the most effective solution and how it will help solve these problems, and how its success will be measured. The ICO maintains a very comprehensive impact assessment template.

Maintain and make available a written policy which clearly and comprehensively outlines:

  • What privacy expectations your employees should have
  • The extent and purpose of any surveillance that you conduct, either permanently or occasionally
  • The rights and obligations that the company and employees have concerning CCTV in the workplace

Do you have to display signs if you have CCTV in the workplace?

Maintain transparency about surveillance measures and purposes. This includes putting up signs wherever relevant, answering questions about procedures and generally being proactive about informing employees about their rights and privacy.

Professional CCTV cabling solutions for security and surveillance systems.

Maintain procedures for allowing access or disclosing CCTV footage. This is not just a good idea, it’s a requirement of the DPA. But having clear procedures in place ensures that everyone receives equal protection, and that a company maintains the level of accountability that makes its workplace surveillance trustworthy.

Actively engage surveillance stakeholders, including employees and senior staff. Companies should ensure that everyone can voice concerns about the use of CCTV in the workplace without fear of apprehension.

In particular, employees should have the opportunity to explain and contest footage used during disciplinary hearings. If they are not allowed to do so, the ICO can prevent the data from being used.

Handle data correctly. Don’t misappropriate it, don’t sell it, keep it secure, and answer SARs in a timely manner. Ultimately, the way a company handles its employees’ data is a part of its employer brand, and it’s as valuable as the way it handles its customers’ data.

Conclusions and Recommendations

Companies that operate in the UK are allowed to monitor their staff at work by use of CCTV in the workplace. However, the use of CCTV in the workplace is governed by extensive privacy and data protection legislation, which aims to ensure that the basic human rights to privacy and dignity are upheld for everyone, regardless of occupation and status.

CCTV surveillance cameras can be deployed on business premises, but only for legitimate, justifiable purposes. Certain rights, such as the right to access footage in which they appear, are granted by law to all employees.

It’s up to you to ensure that you comply with surveillance regulations and that you have the technical means to protect your employees’ rights and to respond to their legitimate requests for access to personal data.

Technical requirements range from correct CCTV camera installation to video lookup and indexing software that can help you quickly locate and export relevant footage fragments.

If you want to make sure that your CCTV system is properly installed and supports your organisation’s safety, security and documentation requirements, ACCL can help. ACCL has more than 28 years of experience in installing CCTV and access control systems in London and the surrounding areas.

Contact ACCL to discuss workplace CCTV installation, camera placement, cabling, access control integration or a site survey.

Related topics: Installing CCTV | CCTV rules and regulations UKRetail CCTV systems

Key Takeaways

  • Legal Use & Compliance: Employers can lawfully use CCTV to monitor workplace security and safety but must comply with UK laws including GDPR and the Data Protection Act. CCTV footage is classified as personal data and must be handled securely.

  • Transparency & Employee Notification: Employers must inform staff about the presence of CCTV systems, the reasons for monitoring, and where cameras are located through clear signage, policies, and communications.

  • Proportionate & Justified Monitoring: CCTV use must be proportionate to the purpose—mainly safety, security, or investigating suspected criminal behaviour. Covert monitoring is only lawful in exceptional cases involving investigations.

  • Employee Rights: Employees have the right to request access to footage relating to them and to be informed if footage is used in disciplinary processes. Monitoring should not be intrusive in private areas like toilets or changing rooms.

  • Impact on Employment Relations: Misuse or covert surveillance without justification can lead to breaches of trust, potential legal action, and claims such as constructive dismissal.

How ACCL Can Help with Workplace CCTV Installation

ACCL designs and installs commercial CCTV systems for offices, education sites, retail environments, warehouses, hospitality venues and multi-site organisations across London and the South East.

While ACCL does not provide legal advice, we can support the practical installation side of workplace CCTV, including camera placement, CCTV cabling, system setup, access control integration, signage considerations and handover documentation.

A well-planned CCTV installation should support safety and security while being clear, proportionate and manageable for the organisation using it.

For employers, that means choosing camera locations carefully, avoiding unnecessary coverage of sensitive areas, controlling who can access footage and ensuring the system is installed in a way that supports internal policies and data protection responsibilities.

Contact ACCL to discuss workplace CCTV installation, camera placement, cabling, access control integration or a site survey.

 

FAQs

Q. Can employers use CCTV in the workplace?

A. Yes. Employers can use CCTV in the workplace if they have a lawful, necessary and proportionate reason, such as security, health and safety, theft prevention or protecting staff.

Q. Do employers need to tell staff about CCTV?

A. In most cases, yes. Employees should usually be told that CCTV is in use, why it is being used, who can access footage and how long footage will be kept.

Q. Do employers need CCTV signs in the workplace?

A. Clear signage is usually expected where CCTV is in operation. Signs help employees, visitors and contractors understand that CCTV is being used and why footage is being collected.

Q. Can employees request CCTV footage of themselves?

A. Yes. Employees may be able to request footage that includes them through a subject access request. Employers should consider the rights of other people shown in the footage before releasing it.

Q. Can CCTV be used in disciplinary investigations?

A. CCTV may be used in disciplinary investigations if the footage has been obtained fairly, lawfully and for a legitimate purpose. Employees should normally have the opportunity to view and respond to footage being used.

Q. Can employers use covert CCTV?

A. Covert CCTV should only be used in exceptional circumstances, such as a specific investigation, and should be limited, necessary and proportionate.

Q. How long should workplace CCTV footage be kept?

A. Footage should not be kept for longer than necessary. Many organisations use a standard retention period, such as 30 days, unless footage is needed for an investigation, insurance matter, complaint, disciplinary process or legal reason.

Q. Who can view CCTV footage at work?

A. Access should be limited to authorised people who need to view the footage for a legitimate purpose. This may include security, HR, facilities, IT or an external security provider, depending on how the system is managed.

Q. Can ACCL advise on workplace CCTV compliance?

A. ACCL does not provide legal advice, but we can support the practical installation side of workplace CCTV, including camera placement, cabling, system setup, access control integration, signage considerations and handover documentation.

Get in touch today

Have a no-obligation chat with one of our data cabling experts, who can recommend a solution to suit your requirements and budget.

0333 900 0101 sales@network-data-cabling.co.uk Contact us