Surveillance & Security Data Compliance

The GDPR (General Data Protection Regulation) forms part of the data protection regime in the UK, together with the new Data Protection Act 2018 that sets out how Personal Data must be processed. Personal Data is information that relates to an identified or identifiable individual. What identifies an individual could be as simple as a name or a number or could include other identifiers such as an IP address or a cookie identifier, a video image or other factors.


Surveillance and Security systems employed within the built environment that process Personal Data include, but are not necessarily limited to the following;

  • CCTV
  • Body Worn Cameras
  • Automatic Number Plate Recognition
  • Voice Recording
  • Mobile Phone Numbers
  • Electronic Access Control Systems
  • Biometric Recognition Systems
  • Aerial Surveillance Drones


GDPR introduces a duty on all organisations to report certain types of data breach to the Information Commissioners Office and in some cases to the individuals affected.

A personal data breach means a breach of security leading to the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This means that a breach is more than just losing personal data.


A security operative responsible for CCTV surveillance notices a high profile individual obviously the worse for drink behaving badly, he replays the footage and records it on his smartphone and uploads this to YouTube.

If you become aware of a breach you must immediately report this to the person acting as Data Protection Officer who must notify the relevant Board Member of the breach where it is likely to result in a risk to the rights and freedoms of individuals. If unaddressed such a breach is likely to have a significant detrimental effect on individuals – for example, result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage.

A notifiable breach has to be reported to the Information Commissioners Office within 72 hours of the organisation becoming aware of it. The GDPR recognises that it will often be impossible to investigate a breach fully within that time-period and allows you to provide information in phases.

Why not get in touch and see how we can help?

We’re ready to lead you into the future of Computer Aided Security Management, get in touch with us today and find out how easy it can be to ditch those inefficient paper records

Get in touch