CCTV Compliance in 2026: What UK Businesses Need to Know

From data protection principles to the new Data (Use and Access) Act, here's what business CCTV operators need to get right in 2026.

7/8/20261 min read

photo of white staircase
photo of white staircase

CCTV footage counts as personal data whenever it captures identifiable individuals, which means the UK GDPR and Data Protection Act 2018 apply to every camera a business operates. Here's what's changing in 2026, and what the ICO expects businesses to have in place.

The Surveillance Camera Code of Practice, introduced under the Protection of Freedoms Act 2012, sets 12 guiding principles for operating cameras, covering operational requirements, technical standards and governance. The Data (Use and Access) Act received Royal Assent in June 2025, and from 19 June 2026 businesses will be required to have a documented process for handling complaints about CCTV and other data processing — the ICO recommends putting this in place now.

Core requirements: keep a register of every camera you operate, including its location, purpose, field of view and retention period. Display clear signage wherever CCTV captures public areas. Don't keep footage longer than necessary — most organisations retain it for 30 days unless there's a specific reason, such as an ongoing investigation.

L.A.R. Fire & Security installs and configures CCTV systems with compliance built in from day one, and can review existing setups against current ICO guidance.

Contact

Reach out for expert service and support

Email

Phone

info@lar-group.co.uk

© 2025. All rights reserved.

07778 563 429